0% found this document useful (0 votes)

209 views502 pages

Dell Technologies PowerScale Administration

Uploaded by

yasser elbelbesy

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

209 views502 pages

Dell Technologies PowerScale Administration

Uploaded by

yasser elbelbesy

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 502

DELL TECHNOLOGIES

POWERSCALE
ADMINISTRATION - ON
DEMAND-SSP

PARTICIPANT GUIDE

PARTICIPANT GUIDE
Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 2

Table of Contents

PowerScale Administration 18

NAS, PowerScale, and OneFS 19

NAS, PowerScale, and OneFS 20

PowerScale 29
PowerScale 29
Scenario 29
PowerScale Nodes Overview 29
Flash Nodes 31
Hybrid Nodes 34
Archive Nodes 35
Gen6 Hardware Components 37
PowerScale F200 and F600 Hardware Components 39
PowerScale F900 Hardware Components 40
Accelerator Nodes 41
PowerScale Features 43
Node Interconnectivity 47
PowerScale Networking Architecture 49
Leaf-Spine Architecture 51
Leaf-Spine Network Components 53

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 3

Resources 55
Challenge 56

PowerScale Management Interfaces 57

PowerScale Management Interfaces 57
Scenario 57
Management Interfaces Overview 57
Serial Console Video 59
Web Administration Interface (WebUI) 60
Command Line Interface (CLI) 61
CLI Usage 63
isi config 64
Platform Application Programming Interface (PAPI) 65
Front Panel Display 66
Challenge 67

Common Cluster Operations 68

Common Cluster Operations 68
Scenario 68
Licensing 68
Device ID and Logical Node Number 73
Adding Nodes to Cluster 74
Compatibility 74
Maintenance Node Operations 75
Cluster Shutdown 79
Activity: Additional Nodes. 80
Challenge 80

OneFS Directory Structure 81

OneFS Directory Structure 81
Scenario 81
Directory Structure Overview 81
OneFS Integrated Directories 82
Directory Structure Tiering 83

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 4

Directory Structure Design Process 84
Directory Structure Example 1 86
Directory Structure Example 2 86
Directory Structure Permissions 87
Activity: OneFS Directory Structure 88
Challenge 89

Access Administration 90

Access Administration 91

Authentication Providers 92
Authentication Providers 92
Scenario 92
Authentication Providers Overview 92
Authentication Provider Structure 94
Active Directory Overview 95
Active Directory Configuration Videos 96
Network Time Protocol (NTP) Overview 97
NTP Configuration 98
LDAP Overview 99
LDAP WebUI and CLI Configuration Videos 101
Activity: Authentication-Active Directory 102
Challenge 102

Access Zones 104

Access Zones 104
Scenario 104
Access Zone Overview 104
Access Control Architectural Components 105
Access Control Architecture 108
OneFS Multiple Provider Support 109
Access Zone Planning - Base Directory 109
Access Zone Configuration 111
Access Zone Considerations 111

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 5

Access Zone Best Practices 112
Activity: Access Zones 113
Challenge 113
Job Aid: Access Zone 113

Groupnets 115
Groupnets 115
Scenario 115
Network Configuration Planning 116
Groupnets and Access Zones Video 117
Multi-Tenancy Overview 118
Multi-tenancy Considerations 119
WebUI for Configuration 119
CLI for Configuration 121
Configure Groupnets with WebUI and CLI videos 122
Challenge 122

SmartConnect Foundations 124

SmartConnect Foundations 124
Scenario 124
SmartConnect Overview Video 124
SmartConnect Architecture and Multiple Tiers 125
SmartConnect Licensing 128
SmartConnect Advanced - IP Failover and Rebalance Policies 129
SmartConnect Configuration Components 131
SmartConnect Configuration - Create SmartConnect Zone Demonstration 131
SmartConnect Considerations 133
Activity: SmartConnect 135
Challenge 135
Job Aid: SmartConnect 135

IP Address Pools 137

IP Address Pools 137
Scenario 137

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 6

IP Address Pools 137
Link Aggregation 138
Link Aggregation Modes 139
Link Aggregation Mapping 141
IP Allocation Methods 142
Static and Dynamic Pools 147
Allocation Recommendations 148
IP Address Allocation Failover Video 149
Activity: Link Aggregation 150
Challenge 150

Identity Management Administration 151

Identity Management Administration 152

Role-Based Access Control 153

Role-Based Access Control 153
Scenario 153
Overview 153
Roles 154
Role Creation Video 157
Role Management 159
Privileges 161
ZRBAC - ISI_PRIV_AUTH Privilege 162
Best Practices 163
Activity: RBAC-ZRBAC 163
Challenge 163
Job Aid: Role-Based Access Control 164

User Identity Mapping 165

User Identity Mapping 165
Scenario 165
Layers of Access 165
Network and AIMA Hierarchy 166
Identity Management 167

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 7

Access Token Overview Video 168
Access Token Generation 169
Primary Identities 171
Secondary Identities 173
Multiple Identities 174
ID Mapper Database 174
On-Disk Identity 176
On-Disk Identity Use Cases 176
Resources 177
Challenge 177

Authorization 178
Authorization 178
Permissions Scenario 178
Permissions Overview 178
Mixed data-access protocol environments 179
UNIX Permissions - POSIX Overview 181
POSIX in the WebUI 182
chmod Command 183
chown Command 183
Windows ACLs Overview 184
ACL Permission Policy Settings 185
Managing ACL Permissions 186
Synthetic vs Advanced ACLs 188
Permission Authority Video 189
Resources 191
Activity: Authorization 191
Challenge 191
Job Aid: Authorization 192

Client Access Administration 193

Client Access Administration 194

OneFS Caching 195

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 8

OneFS Caching 195
Scenario 195
OneFS Caching Overview and Levels 195
L1 Cache 197
L2 Cache 197
L3 Cache 198
SmartCache 200
OneFS Caching Big Picture 201
Anatomy of a Read 202
Anatomy of an Asynchronous Write 203
L3 Cache Settings 205
CLI Commands 205
L3 Cache Considerations 206

SMB Shares 208

SMB Shares 208
SMB Scenario 208
SMB Overview, Protocols, and Options 208
SMB Server-Side Copy 211
SMB Continuous Availability 212
Enabling and Disabling SMB Service 213
Share Creation Video 214
Share Creation 215
Activity: SMB Shares 220
Challenge 220

NFS Exports 221

NFS Exports 221
Scenario 221
NFS Overview 221
NFS Client Availability 222
Enabling and Disabling NFS 223
NFS Export Creation - Settings 224
NFS Export Creation - Permissions 226

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 9

NFSv3 and NFSv4 Differences 227
NFS Considerations 228
Activity: NFS Exports 229
Challenge 229

S3 Buckets 230
S3 Buckets 230
Scenario 230
S3 Overview 230
Implementation - Creating an S3 Bucket 232
Accessing the S3 Bucket 236
Considerations 236
Best Practices and Resources 237
Services 237
Challenge 237

HDFS 238
HDFS 238
Hadoop Introduction 238

Data Protection Administration 239

Data Protection Administration 240

File Striping 241

File Striping 241
Scenario 241
Introduction to File Striping 242
Data and FEC Stripe Units 243
File Striping Steps 244
Considerations: File Striping 248
Challenge 248

Data Protection 250

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 10

Scenario 250
OneFS Data Protection 250
Data Protection Improvements 251
Data Protection Terms 252
N+2n vs. N+2d:1n Data Protection 259
Mirrored Data Protection 260
FEC Protection - Single Drive Per Node 261
FEC Protection - Multiple Drives Per Node 263
FEC Protection - Advanced 265
Protection Overhead 267
Considerations 268
Challenge 269

Protection Management 270

Protection Management 270
Scenario 270
Data Protection Types 271
Requested Protection 271
Requested Protection Settings 273
Use Case - Node Pool or Directory Requested Protection 278
Suggested Protection 279
Suggested Protection Status 280
Actual Protection 281
Actual Protection Representation 282
isi get 284
Challenge 284

Data Layout 286

Data Layout 286
Scenario 286
Data Layout Overview 287
Data Access Patterns 288
Access Pattern Example: Streaming with 1 MB File 289
Access Pattern Example: Concurrency with 1-MB File 290

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 11

Data Layout Management 290
Challenge 291

Storage Pools Administration 292

Storage Pools Administration 293

Storage Pools 294

Storage Pools 294
Scenario 294
Storage Pools Overview 294
Storage Pool Anatomy 295
Storage Pool Components 296
Storage Pool CLI 305
Serviceability 306
Challenge 306

File Pools 307

File Pools 307
Scenario 307
File Pool Policies Overview 307
Default File Pool Policy 308
File Pool Policies Use Case 311
File Pool Policy Filters 312
SSD Options 313
File Pool Policies Jobs 316
Policy Template 317
File Pool Policies Order 318
File Pool Policy Considerations 318
Serviceability 319
Activity: File Pools 319
Challenge 320

SmartPools 321
SmartPools 321

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 12

Scenario 321
SmartPools Overview 321
SmartPools Licensing 322
SmartPool Settings 323
SSD Usage Comparison 329
SmartPools Considerations 329
Activity: SmartPools 330
Challenge 330

CloudPools 331
CloudPools 331
Scenario 331
CloudPools Overview and Example Video 331
CloudPools Considerations 334
Cloud Providers and Storage 336
CloudPools Administration 338
File Pool Policies - CloudPools 341
CloudPools Settings 341
CLI for CloudPools 343
C2S Cloud Support 344
CloudPools Limitations 345
Activity: Cloudpools 346
Challenge 346

Data Services Administration 347

Data Services Administration 348

File Filtering 349

File Filtering 349
Scenario 349
File Filtering Overview 349
Management of Existing Cluster Files 351
File Filtering Use Cases 352
File Filtering Configuration 353

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 13

Activity: File Filtering 355
Challenge 355

SmartQuotas 356
SmartQuotas 356
Scenario 356
SmartQuotas Overview Video 356
Quota Types 358
Enforcement Quotas 359
SmartQuotas Implementation 359
Default Quotas 360
Creating Default Directory Quotas 362
Quota Accounting 364
Overhead Calculations 365
Quotas and Thin Provisioning 366
Quota Nesting 367
Percent-Based Advisory and Soft Limits 369
Quota Notifications 370
Quota Notification Template 373
Template Variables 373
Considerations 375
Activity: SmartQuotas 376
Challenge 376

SmartDedupe 377
SmartDedupe 377
Scenario 377
SmartDedupe Overview 377
SmartDedupe Architecture 378
SmartDedupe Considerations 380
SmartDedupe Function 382
SmartDedupe Use Cases 383
SmartDedupe Jobs 385
SmartDedupe Administration 386

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 14

Inline Data Deduplication 386
Inline Data Compression 387
Considerations and Best Practices 388
Activity: SmartDedupe 389
Challenge 389

SnapshotIQ 390
SnapshotIQ 390
Scenario 390
SnapshotIQ Overview 390
Snapshot Operations 392
Copy on Write and Redirect on Write 393
Ordered and Unordered Deletions 394
Creating Snapshots 395
Accessing Snapshot Files 397
Preserving Permissions 398
Restoring Snapshots 399
Writable Snapshots 402
SnapshotIQ Considerations 403
Activity: SnapshotIQ 403
Challenge 404

SyncIQ 405
SyncIQ 405
Scenario 405
SyncIQ Overview Video 405
SyncIQ Deployment Topology 407
SyncIQ Considerations and Limits 410
SyncIQ Administrative Functions 414
SyncIQ Replication Policies 418
Creating the SyncIQ Policy 419
Copy vs Synchronize Policies 423
SyncIQ Configuration Video 424
Activity: SyncIQ 426

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 15

Challenge 426

SmartSync 427
SmartSync 427
Smartsync Overview 427

SmartLock 429
SmartLock 429
Scenario 429
SmartLock Overview 430
SmartLock Concepts 431
SmartLock Operating Modes 431
SmartLock Directory Types 433
SmartLock Configuration 434
SmartLock CLI Example 436
Committing Files to WORM 436
SmartLock Considerations 437
Activity: SmartLock 438
Challenge 438

Monitoring Administration 439

Monitoring Administration 440

PowerScale HealthCheck 441

PowerScale HealthCheck 441
Scenario 441
HealthCheck Overview 442
Checklists and Checklist Items 443
Checklist Item Parameters 443
Running a HealthCheck 444
HealthCheck Schedule 445
Viewing an Evaluation 446
HealthCheck Resources 447
Challenge 447

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 16

InsightIQ 448
InsightIQ 448
Scenario 448
InsightIQ Overview 448
Qualifying Questions 449
InsightIQ Dashboard 450
Capacity Analysis 451
Default Reports 452
Capacity Reporting and Forecasting 452
Create Performance Report 453
File System Analytics 454
Enable FSA 455
Considerations 456
Challenge 456

isi statistics 457

isi statistics 457
Scenario 457
Statistics and Status Commands 457
Basic isi statistics Functions 460
InsightIQ vs isi statistics 460
Example: Statistics for Drive Activity 461
Example: Statistics by Most Active Files and Directories 462
Practical Skills 462
Activity: isi statistics 463
Challenge 464
You Have Completed This Content 465

Appendix 467

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 17

Network Attached Storage

PowerScale Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 18

NAS, PowerScale, and OneFS

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 19

Network Attached Storage

NAS, PowerScale, and OneFS

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 20

Network Attached Storage

Scenario

As a new administrator in the IT Department, your responsibilities include

the administration and management of a newly installed PowerScale
cluster. Before jumping in and exploring its capabilities, the department
manager must ensure that you can compare storage technologies and
why PowerScale fits the business. Begin by learning about NAS and the
PowerScale system.

NAS Overview

Network Attached Storage, or NAS, is an IP-based file-sharing device that

is attached to a local area network. NAS can serve various clients and
servers over an IP network.

NAS enables organizations to:

• Simplify management of data storage.

• Enable comprehensive data access and file sharing.
• Increase efficiency with centralized storage.
• Increase availability with efficient data replication and recovery options.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 21

Network Attached Storage

Types of Data Storage

The two types of data used today are structured data and unstructured
data1. PowerScale specializes in storing unstructured data.

Structured Data Unstructured Data

Resides in a fixed field of Stored in a hierarchical structure that

records or files. uses files and folders, like a paper-
based filing system.

Requires defined datatype, Exists in its native or raw form with no

access, and processes. predefined organization.

Most often used in a relational Used less often in relational database.

database.

Examples include records or Examples include photos, documents,

files, census records, economic IoT sensor data, scientific data, and
catalogs, phone directories, social media posts.
customer contact records, and
credit card numbers.

Scale-Up or Scale-Out Architecture

There are two types of NAS architectures: scale-up and scale-out.

PowerScale is a scale-out NAS solution.

1 80-90% of digital data is unstructured.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 22

Network Attached Storage

Scale-Up

• With a scale-up platform, if more storage is needed, another

independent NAS system is added to the network.
• A scale-up solution has controllers to provide computational throughput
and connect to disc storage arrays.
• The power of the storage controllers to handle increasing I/O demands
or any capacity increase limits scale-up architecture. The solution is to
add more controllers as a separate system.

Graphic showing adding controllers for a scale-up solution.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 23

Network Attached Storage

Scale-Out

• With a scale-out architecture solution, all the NAS devices, or

PowerScale nodes, belong to a unified cluster with a single point of
management.
• In a scale-out solution, the computational throughput, disks, disk
protection, and management are combined and exist for a single
cluster.

PowerScale cluster for a scale-out solution.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 24

Network Attached Storage

Scale-Out NAS

Scale-out NAS2 is now a mainstay in most data center environments. The

next wave of scale-out NAS innovation has enterprises embracing the
value3 of NAS and adopting it as the core of their infrastructure.

PowerScale architecture with different clients that are connected to the cluster through an
Ethernet switch. The backend layer allows for node-to-node communication.

2 The PowerScale scale-out NAS storage platform combines modular

hardware with unified software to harness unstructured data. Powered by
the OneFS operating system, a PowerScale cluster delivers a scalable
pool of storage with a single global namespace.
3 Enterprises are raising the standard on enterprise grade resilience, with

a no-tolerance attitude toward data loss and data unavailable situations

and supporting simplified management. Organizations see massive scale
and performance with smaller data center rack footprints that the
performance-centric workloads drive.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 25

Network Attached Storage

OneFS Operating System

With traditional NAS systems the file system4, volume manager5, and the
implementation of RAID6 are all separate entities.

PowerScale OneFS combines these functions and enables businesses to

store, manage, protect, secure, and analyze data while running a wide
variety of data-centric file workloads.

• Creates a single file system for the cluster7

4 The file system is responsible for the higher-level functions of

authentication and authorization.
5 The volume manager controls the layout of the data.

6 RAID controls the protection of the data.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 26

Network Attached Storage

• Volume manager and protection8

• Data shared across cluster9
• Scale resources10

Knowledge Check - NAS

1. Select the option that best describes implementing a scale-out NAS

system.
a. With scale-out NAS, a single component (node) of a system
contains the compute and storage, whereas scale-up NAS has
individual components for compute and storage.
b. With scale-up NAS, performance scales linearly when adding
nodes, and scale-out performance increases depending on node
CPU type.
c. With scale-out NAS, you add more nodes to the cluster as the
need for capacity or compute power increases. Similarly, with
scale-up NAS, you add any number of storage and compute
systems to increase capacity and performance.
d. Both scale-up and scale-out NAS systems are equally scalable in

7 As nodes are added, the file system grows dynamically, and content is
redistributed automatically.
8 OneFS performs the duties of the volume manager and applies

protection to the cluster as a whole. There is no partitioning, and no need

for volume creation. All data is striped across all nodes.
9 Because all information is shared among nodes, the entire file system is

accessible by clients connecting to any node in the cluster.

10 Each PowerScale node contains globally coherent RAM, meaning that,

as a cluster becomes larger, it also becomes faster. The performance

scales linearly when adding a node.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 27

Network Attached Storage

both performance and capacity.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 28

PowerScale

Scenario

Now that a scale-up or scale-out NAS and the OneFS operating system is
recognizable, move on to the differences of the PowerScale nodes. The IT
manager must ensure that everyone can distinguish between various
PowerScale nodes and determine what type of workflow works best for
each.

F200, H7000, A300 nodes

PowerScale Nodes Overview

PowerScale is a scale-out NAS cluster comprised of compute nodes

forming node pools. Different node types have unique storage and
performance profiles. PowerScale is designed for large volumes of
unstructured data. The design goal for the PowerScale nodes is to provide
a scale-out solution with minimal operational overhead.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 29

PowerScale

The PowerScale family has different offerings that are based on the need
for performance and capacity. OneFS powers all the nodes.

Gen6 4U chassis

Isilon Gen6 Platforms:

• Flash Nodes: F800, F810

• Hybrid Nodes: H400, H500, H5600, H600
• Archive Nodes: A200, A2000
• Minimum cluster is four nodes. Nodes added in pairs for peer node
redundancy.

Gen6 PowerScale chassis

PowerScale Gen6 Refresh:

• Hybrid: H700, H7000

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 30

PowerScale

• Archive: A300, A3000

• Minimum cluster is four nodes. Nodes added in pairs for peer node
redundancy.

F200 (top) and F600 (middle) 1U. F900 (bottom) 2U.

PowerScale All-Flash Series:

• F200
• F600
• F900
• Minimum cluster is three nodes. Nodes can be added one at a time.

Isilon F800/810 flash nodes are EOL on April 30, 2024. End-of-Service
Support (EOSS) TBA.

Isilon Gen6 Hybrid and Archive nodes are EOL as of May 5, 2023. End-of-
Service-Support (EOSS) ends May 31, 2028.

Go to: See the Dell End-of-Life documents page or Product

Availability guide for information regarding EOL or End-of-
Service-Support (EOSS) for specific PowerScale platforms.

Flash Nodes

The F-series nodes sit at the top of both performance and flash capacity
with All-Flash arrays for ultra-compute and high capacity. Even when the
cluster scales, the latency remains predictable.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 31

PowerScale

F800/810 4U chassis

• F800
• F810

F900 2U chassis

• F900

• F800, F810, and F900 General Use Cases11

111) Digital media: 4K, 8K, broadcast, real-time streaming, and post-
production
2) Electronic Design Automation: design, simulation, verification, and
analysis of electronic and mechanical systems design
3) Life Sciences: genomics DNA and RNA sequencing

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 32

PowerScale

F200 1U node

• F200

F600 1U node

• F600

• F200 and F600 General Use Cases12

Go to: For a detailed list of the flash node specifications,

see the PowerScale All-Flash NAS page.

121) Digital media: small and medium-size studios

2) Enterprise edge: remote and branch offices along with edge locations
that require high-performance local storage
3) Healthcare, Life Sciences: Genomics sequencing, digital pathology,
small hospitals, clinics

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 33

PowerScale

Hybrid Nodes

The hybrid storage platforms are highly flexible and maintain a balance
between large capacity and high-performance storage providing support
for a broad range of enterprise workloads.

H400, H500, H600, H5600 4U chassis

• H400
• H500
• H600
• H5600

o Only H5600 includes inline compression and deduplication

H700, H7000 4U chassis

• H700

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 34

PowerScale

• H7000
• Includes inline compression and deduplication

• General Use Cases13

Go to: For a detailed list of the hybrid node specifications,

see the PowerScale Hybrid NAS page.

Archive Nodes

The A-series nodes are designed as highly efficient and resilient active
archive storage or long-term data retention for large-scale data archives.
The archive platforms can be combined with new or existing flash and
hybrid storage systems into a single cluster that provides an efficient
tiered storage solution.

131) Digital media: broadcast, real-time streaming, rendering, and post-

production
2) Enterprise File Services: Home directories, File shares, group and
project data
3) Analytics: Big data analytics, Hadoop and Splunk log analytics

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 35

PowerScale

A200, A2000 4U chassis

• A200
• A2000

A300, A3000 4U chassis

• A300

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 36

PowerScale

• A3000
• Includes inline compression and deduplication

• General Use Cases14

Go to: For a detailed list of the archive node specifications,

see the PowerScale Archive NAS page.

Gen6 Hardware Components

The Isilon and PowerScale Gen6 platforms are based on a proprietary

architecture designed by Dell Technologies. Gen6 (legacy and new)
requires a minimum of four nodes to form a cluster. You must add nodes
to the cluster in pairs. The chassis holds four compute nodes and twenty
drive sled slots. Both compute modules in a node pair power-on
immediately when one of the nodes connects to a power source.

Rear view and front view of an Isilon Gen6 and PowerScale Gen6 chassis.

141) Deep Archives: large-scale, archiving data storage. 2) Disaster

Recovery: disaster recovery target for organizations requiring a large-
capacity storage solution. 3) File Archives: storage and access to
reference data to meet business, regulatory and legal requirements.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 37

PowerScale

1: The compute module bay of the two nodes make up one node pair.
Scaling out a cluster with Gen6 nodes is done by adding more node pairs.
You cannot mix node types in the same node pair.

2: Each Gen6 node provides two ports for front-end connectivity. The
connectivity options for clients and applications are 10GbE, 25GbE,
40GbE, and 100GbE.

3: Each node can have 1 or 2 SSDs that are used as L3 cache, global
namespace acceleration (GNA), or other SSD strategies.

4: Each Gen6 node provides two ports for back-end connectivity. A Gen6
node supports 10 GbE, 25 GbE, 40 GbE, and InfiniBand.

5: Power supply unit - Peer node redundancy: If a compute module power

supply failure takes place, the power supply from the peer node
temporarily provides power to both nodes.

6: Each node has five drive sleds. Depending on the length of the chassis
and type of the drive, each node can handle up to 30 drives or as few as
15. A drive sled must always have the same type of disk drive.

7: You cannot mix 2.5" and 3.5" drive sleds in a node. Disks in a sled must
be the same type.

8: The sled can be either a short sled or a long sled. The types are:

• Long Sled - four drives of size 3.5"

• Short Sled - three drives of size 3.5"
• Short Sled - three or six drives of size 2.5"

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 38

PowerScale

9: The chassis comes in two different depths, the normal depth is about
37 inches and the deep chassis is about 40 inches.

10: Large journals offer flexibility in determining when data should be

moved to the disk. Each node has a dedicated M.2 vault drive for the
journal. A node mirrors their journal to its peer node. The node writes the
journal contents to the vault when a power loss occurs. A backup battery
helps maintain power while data is stored in the vault.

PowerScale F200 and F600 Hardware Components

PowerScale All-Flash nodes (F900, F600, and F200) require a minimum

of three identical nodes (same model) to form a cluster. You can add
single nodes to the cluster. The F600 and F200 are a 1U form factor and
are based on the PowerEdge R640 architecture.

Front and rear view of an F200 (left) and F600 (right).

1: Disks in a node are all the same type. Each F200 node has four SAS
SSDs.

2: The F200 and F600 nodes have two ports for backend connectivity
using PCIe slot 1.

3: The F200 front-end connectivity uses the rack network daughter card
(rNDC).

4: Redundant power supply units - If a PSU fails, the secondary power

supply in the node provides power. Power is supplied to the system

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 39

PowerScale

equally from both PSUs when the Hot Spare feature is disabled. Hot
Spare is configured using the iDRAC settings.

5: Scaling out an F200 or an F600 node pool only requires adding one
node. Both nodes support the use of iDRAC for remote access.

6: F600 nodes have eight NVMe SSDs. Slots 0 and 1 are not used for
drives.

7: For front-end connectivity, the F600 uses the PCIe slot 3.

V
Important: In the F600 nodes, the rNDC is not intended for
client network access, but it can provide 1 GbE
management port functionality.

PowerScale F900 Hardware Components

The F900 is a 2U form factor and is based on the PowerEdge R740xd

architecture.

Front view (top) and rear view of an F900 node.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 40

PowerScale

1: Left control panel: Contains system health and system ID, and status
LED.

2: Drive slots: Customer replaceable drives. The F900 supports 24 x 2.5”

front-accessible, hot-plug SSDs, secured by a removable front bezel.

3: Information tag: A slide-out label panel that contains system information

such as Service Tag, NIC, MAC address, and so on.

4: Right control panel: Contains the power button, VGA port, iDRAC Direct
micro-USB port, and USB 3.0 ports.

5: Back-end NIC: Two InfiniBand connections or a dual-port NIC

supporting a 40 Gb or 100 Gb connection.

6: PCI Extender - CPU2

7: PCI Extender - CPU1

8: iDRAC RJ45: Enables remote iDRAC access.

9: Serial port for initial setup and troubleshooting.

10: VGA port: Enables connection to a display device to the system.

11: USB Port 3.0: Enables connection by USB to the system.

12: rNDC: The NIC ports that are integrated on the network daughter card
(NDC) provide front-end network connectivity.

13: Power supply unit 1 (left) and PSU2 (right).

14: Front-end NIC

Accelerator Nodes

OneFS 9.3 and later includes support for two new PowerScale accelerator
node models. The accelerator nodes do not contain any local storage
used as a part of the cluster and are optimized for CPU or memory
configurations. Based on the 1RU Dell PE R640 platform, accelerator
nodes include:

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 41

PowerScale

• The PowerScale Performance Accelerator (PSPA) P100 is

promoted as a low-cost, value-added means to add performance to
clusters consisting of nodes with CPU heavy workloads, such as M&E.
PSPAs are intended to improve cluster performance by
accommodating more concurrent active client connections and
improve individual session throughput.
• The PowerScale Backup Accelerator (PSBA) B100 is promoted as
the go-to solution for two-way NDMP connections, supporting two ports
of Fibre Channel (16G), from a PowerScale cluster. Offloading NDMP
workloads from the primary storage nodes provides a seamless way to
accelerate tape backups.

B100 rear view

Go to: PowerScale B100 or PowerScale P100 product

pages for more documentation. An accelerator node spec
sheet is available in the Node Site Preparation and Planning
Guide.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 42

PowerScale

PowerScale Features

Context: Now that a basic understanding of the node offerings is

established, the next step is to understand the common features provided
across the PowerScale platforms.

Attribute Description Benefits Use Case

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 43

PowerScale

Scalability • Distributed • Increased Media and

fully performanc Entertainment
symmetric e per 15

clustered usable
architecture Terabyte
that (TB)
combines • Enable
modular lower
storage. latency
• A cluster apps to
can scale leverage
up to 252 scale-out
nodes. NAS.
• Leveraging
standard
technology
to increase
focus on
scale.

15 A Media and Entertainment production house needs high single stream

performance at PB scale that is cost-optimized. The organization requires
cloud archive in a single namespace, archive optimized density with a low
Total Cost of Ownership (TCO) solution. This environment typically has
large capacities and employs new performance technologies at will.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 44

PowerScale

Performanc • Data • Predictable

e reduction performanc
for storage e at scale
efficiency • Increased
• Policy- storage
based efficiency
automated
tiering
options to
optimize
storage
resources
and lower
costs
• Optimizing
component
s to
maximize
performanc
e

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 45

PowerScale

Data • Built-in • Small fault Financial

Protection protection domains Sectors17
design16 • Eliminating
• FEC and the single
mirroring point of
data failure
protection • Predictable
schemes failure
• Policy- handling at
based PB
retention densities
and
protection
against
accidental
deletion

16 Protects against disk or node failure, and includes back-end intra-cluster

failover
17 Financial sectors rely heavily on data protection and availability to

operate. Data loss such as customer transactions or system downtime can

negatively affect the business.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 46

PowerScale

Sizing • Dedicated • Gen6 Start-up

cache cluster in a Company18
drives box and
simple
• Converged
growth path
architecture
• Customizab
• Nondisrupti
le solution
ve
hardware • Same
replacemen building
t blocks
irrespective
of cluster
profile

Node Interconnectivity

PowerScale nodes can use an InfiniBand or Ethernet switch on the

backend. InfiniBand was designed as a high-speed interconnect for high-
performance computing, and Ethernet provides the flexibility and high
speeds that sufficiently support the PowerScale internal communications.

Rear view: Gen6 (left), F200/F600 nodes and P100/B100 accelerator

nodes (upper right), F900 node (lower right).

18A simple and agile use case is a small start-up company growing at a
rapid pace. The company must start with limited capacity and then grow
on-demand for scale and new workloads.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 47

PowerScale

1: Backend ports int-a and int-b. The int-b port is the upper port. Gen6
backend ports are identical for InfiniBand or Ethernet and cannot be
identified by looking at the node. If Gen6 nodes are integrated into a Gen5
or earlier cluster, the backend uses InfiniBand. There is a procedure to
convert an InfiniBand backend to Ethernet if the cluster no longer has pre-
Gen6 nodes.

2: PowerScale nodes with different backend speeds can connect to the

same backend switch and not see any performance issues. For example,
an environment has a mixed cluster where A200 nodes have 10 GbE
backend ports and H600 nodes have 40 GbE backend ports. Both node
types can connect to a 40 GbE switch without affecting the performance of
other nodes on the switch. The 40 GbE switch provides 40 GbE to the
H600 nodes and 10 GbE to the A200 nodes.

3: Some nodes, such as archival nodes, might not use all 10 GbE port
bandwidth while other workflows might need the full utilization of the 40
GbE port bandwidth. The Ethernet performance is comparable to
InfiniBand so there should be no performance bottlenecks with mixed
performance nodes in a single cluster. Administrators should not see any
performance differences if moving from InfiniBand to Ethernet.

4: F200 and F600 backend ports use the PCIe slot.

5: F900 backend ports use the PCIe slot.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 48

PowerScale

Warning: Do not plug a back-end Ethernet topology into a

back-end InfiniBand NIC. Plugging Ethernet into the
InfiniBand NIC switches the back-end NIC from one mode to
the other and will not return to the same state.

PowerScale Networking Architecture

OneFS supports standard network communication protocols IPv4 and

IPv6. PowerScale nodes include several external Ethernet connection
options, providing flexibility for a wide variety of network configurations19.

Network: There are two types of networks that are associated with a
cluster: internal and external.

Front-end, External Network

Clients connect to the cluster using Ethernet connections20 that are

available on all nodes.

The complete cluster is combined with hardware, software, and networks

in the following view:

19 In general, keeping the network configuration simple provides the best

results with the lowest amount of administrative overhead. OneFS offers
network provisioning rules to automate the configuration of additional
nodes as clusters grow.
20 Because each node provides its own Ethernet ports, the amount of

network bandwidth available to the cluster scales linearly when new nodes
are added.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 49

PowerScale

F200 cluster showing supported front-end protocols.

Back-end, Internal Network

OneFS supports a single cluster21 on the internal network. This back-end

network, which is configured with redundant switches for high availability,
acts as the backplane for the cluster.22 Usually, a simple switch
architecture is used for each interface in the back-end. However, for larger
deployments, a leaf-spine architecture is implemented for the back-end to
provide redundancy and maximize throughput.

21 All intra-node communication in a cluster is performed across a

dedicated backend network, comprising either Ethernet or low-latency
QDR InfiniBand (IB). Ethernet is required for Gen6 and newer
installations.
22 This enables each node to act as a contributor in the cluster and

isolating node-to-node communication to a private, high-speed, low-

latency network. This back-end network utilizes Internet Protocol (IP) for
node-to-node communication.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 50

PowerScale

Gen6 chassis connecting to the back-end network.

Leaf-Spine Architecture

From OneFS 8.2 and later, a leaf-spine back-end network architecture

provides the performance, scale, and capacity that is required to facilitate
large deployments, up to 252 nodes. Leaf-Spine is a two-level hierarchy
where nodes connect to switches called leaf switches, and leaf switches in
turn connect to switches called spine switches. The topology uses the
maximum internal bandwidth and ports of the supported switches.

The current back-end switches include:

• Dell S5232-ON 32-port 100 GbE switch,

• Dell Z9264-ON 64-port 100 GbE switch
• Dell S4112-ON 12-port 10GbE switch

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 51

PowerScale

A conceptual graphic of the leaf-spine topology for a PowerScale cluster using Z9100-ON
switches.

Definition PowerScale F-Series PowerScale Gen6

Description Description

Small cluster 3 to 32 nodes 1 to 8 chassis

Medium cluster 32 to 48 nodes 9 to 12 chassis

Large cluster 48 to 144 nodes 13 to 36 chassis

Extra-large cluster 144 to 252 nodes 20 to 64 chassis

Suggested cluster sizing definitions.

Go to: For cluster sizing and recommended leaf-spine

topology implementations, see Considerations and Best
Practices for Large PowerScale Clusters on the PowerScale
storage resources page.
Go to: The PowerScale OneFS Product Availability Guide
for a complete listing of supported switches.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 52

PowerScale

Leaf-Spine Network Components

The Dell Z9264-ON switch is used as an example to describe the

components.

Component Hardware Description

Spine Dell Z9264 64-port Back-end network with 64, 100 GbE
100 GbE switch ports that connects to the leaf
switches.

Leaf Dell Z9264 64-port • Up to 10 x 100 GbE uplinks to

100 GbE switch spine.
• 54 40 GbE/100 GbE nodes or
108 10 GbE/25 GbE nodes
using breakout cable.

Uplink Leaf to Spine There must be the same number of

connection uplinks on every Leaf switch. That
number should be the number of
Downlink Leaf to Node uplinks required by the Leaf switch
connection with the most downlinks.

Breakout 40 GbE cable that This cable connects a Leaf switch

Cable breaks out to four 10 40 GbE port to four 10 GbE nodes
GbE cables OR 100 or a Leaf switch 100 GbE port to
GbE cable that four 25 GbE nodes.
breaks out to four 25
GbE cables

100 GbE B100, P100, F200, • F200/600/900, H700, and

and 40 GbE F600, F800, F810, H7000 nodes support a 40 GbE
back-end F900, H500, H600, or 100 GbE connection to the
H700, H5600, leaf switch.
H7000, A300, and • See the spec sheet for each
A3000 nodes node model to find the
supported back-end NIC.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 53

PowerScale

25 GbE and B100, P100, F200, • 10/25GbE nodes support a 10

10 GbE F600, A200, A2000, GbE connection to the Leaf. Use
back-end A300, A3000, and a breakout cable to connect a
H400 nodes maximum of four nodes to a
single Leaf port.
• A300, A3000, F200, F600,
H700, and H7000 nodes support
a 10 GbE or 25 GbE connection
to the Leaf switch.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 54

PowerScale

Resources

Deep Dive: The PowerScale OneFS Info Hub has additional

resources.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 55

PowerScale

Challenge

According to the H700 specification sheet, answer the following question.

1. What is the largest capacity SED hard drive available for the H700
and what would be the raw cluster size with forty nodes?
a. 10 TB hard drive, 6 PB cluster size.
b. 12 TB hard drive, 7.2 PB raw cluster size.
c. 16 TB hard drive, 9.6 PB raw cluster size
d. 20 TB hard drive, 12 PB raw cluster size

2. Select the statements that are true about Gen6 nodes and
PowerScale F200/600/900 nodes.
a. A minimum of four nodes are required to form a Gen6 cluster
whereas only three F200/600/900 nodes are required to form a
cluster.
b. Gen6 nodes and F200/600/900 nodes are based on a
server/blade type architecture that is adapted from PowerEdge
platforms.
c. You can add a minimum of one F200/600/900 node to an existing
cluster whereas Gen6 nodes can only be added as node-pairs.
d. A new Gen6 or PowerScale F200/600/900 cluster installation can
use either InfiniBand or Ethernet for the internal network. Use
caution as the ports look identical and damage occurs if incorrect
cables are inserted.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 56

PowerScale Management Interfaces

Scenario

It is important to know the differences between each connection interface

that is used to manage the PowerScale cluster. The manager must
confirm that each administrator knows the proper use of the connections
available, and when to use the isi command structure.

Management Interfaces Overview

The OneFS management interface is used to perform various

administrative and management tasks on the PowerScale cluster and

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 57

PowerScale Management Interfaces

nodes. Management capabilities vary based on which interface is used.

The different types of management interfaces in OneFS are:

• Serial Console23
• Web Administration Interface (WebUI)24
• Command Line Interface (CLI)25
• Platform Application Programming Interface (PAPI)26
• Front Panel Display27
• iDRAC/IPMI28

23 The serial console is used for initial cluster configurations by

establishing serial access to the node designated as node 1.
24 The browser-based OneFS web administration interface provides

secure access with OneFS-supported browsers. This interface is used to

view robust graphical monitoring displays and to perform cluster-
management tasks.
25 The command-line interface runs "isi" commands to configure, monitor,

and manage the cluster. Access to the CLI is through a secure shell (SSH)
connection to any node in the cluster
26 The customer uses the OneFS application programming interface (API)

to automate the retrieval of the most detailed network traffic statistics. It is

divided into two functional areas: One area enables cluster configuration,
management, and monitoring functionality, and the other area enables
operations on files and directories on the cluster.
27 The Front Panel Display is located on the physical node or chassis. It is

used to perform basic administrative tasks onsite.

28 integrated Dell Remote Access Controller. For iDRAC, the RJ45 (1

GbE) connects to the external network switch. Caution is recommended

when using iDRAC as some iDRAC features and functionality are
accessible with the iDRAC interface, but are not supported. OneFS only

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 58

PowerScale Management Interfaces

Serial Console Video

Movie:

The web version of this content contains a movie.

OneFS Serial Console Overview video

External player for the video. The transcript of the video is in the course
guide.

Link:
https://edutube.dell.com/Player.aspx?vno=KjBgi9m8LmZLw58klDHmOA=
=&autoplay=true

Four options are available for managing the cluster. The web
administration interface (WebUI), the command-line interface (CLI), the
serial console, or the platform application programming interface (PAPI),
also called the OneFS API. The first management interface that you may
use is a serial console to node 1. A serial connection using a terminal
emulator, such as PuTTY, is used to initially configure the cluster. The
serial console gives you serial access when you cannot or do not want to
use the network. Other reasons for accessing using a serial connection

supports the following IPMI commands with the iDRAC interface:●

Shutdown (power off)● Reboot (power cycle)● Startup (power on)● Power
Status (read-onlyNote: iDRAC applies only to F900, F600, and F200 node
types.OneFS v9.0 and later provides support for IPMI, the Intelligent
Platform Management Interface protocol. IPMI allows out-of-band console
access and remote power control across a dedicated ethernet interface
via Serial over LAN (SoL). As such, IMPI provides true lights-out
management for PowerScale F-series all-flash nodes and Gen6 H-series
and A-series chassis without additional rs-232 serial port concentrators.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 59

PowerScale Management Interfaces

may be for troubleshooting, site rules, a network outage, and so on.

Shown are the terminal emulator settings.

The configuration Wizard automatically starts when a node is first powered

on or reformatted. If the Wizard starts, the menu and prompt are displayed
as shown. Choosing option 1 steps you through the process of creating a
cluster. Option 2 will exit the Wizard after the node finishes joining the
cluster. After completing the configuration Wizard, running the isi
config command enables you to change the configuration settings.

Web Administration Interface (WebUI)

The WebUI is a graphical interface that is used to manage the cluster. The
WebUI requires at least one IP address that is configured to be on one
external Ethernet port of each node. To access the WebUI from another
system, an Internet browser is used to connect to port 8080.29

Example browser URLs:

• https://192.168.3.11:8080
• https://delledu.lab:8080

29 The user must log in using the root account, admin account, or an
account with log-on privileges. After opening the web administration
interface, there is a four-hour login timeout. The WebUI supports multiple
browsers including Microsoft Edge, Mozilla Firefox, Google Chrome, and
Apple Safari.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 60

PowerScale Management Interfaces

The OneFS WebUI dashboard for the root user.

Command Line Interface (CLI)

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 61

PowerScale Management Interfaces

The CLI can be accessed in two ways: Out-of-band30 and In-band31. Both
methods are done using any SSH client such as OpenSSH or PuTTY.
Access to the interface changes based on the assigned privileges.

OneFS commands are code that is built on top of the UNIX environment
and are specific to OneFS management. You can use commands together
in compound command structures combining UNIX commands with
customer facing and internal commands.

The graphic shows the OneFS CLI access using one of the cluster nodes.

1: The default shell is zsh.

30 Accessed using a serial cable that is connected to the serial port on the
back of each node. As many laptops no longer have a serial port, a USB-
serial port adapter may be needed.
31 Accessed using an external IP address that is configured for the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 62

PowerScale Management Interfaces

2: OneFS is built upon FreeBSD, enabling use of UNIX-based commands,

such as cat, ls, and chmod. Every node runs OneFS, including the many
FreeBSD kernel and system utilities.

3: Connections use Ethernet addresses.

4: OneFS supports management isi commands as not all administrative

functionalities are available using the WebIU.

5: The CLI command use includes the capability to customize the base
command with the use of options, also known as switches and flags. A
single command with multiple options results in many different
permutations, and each combination results in different actions performed.

6: The CLI is a scriptable interface. The UNIX shell enables scripting and
execution of many UNIX and OneFS commands.

CLI Usage

The example shows the help option used for the isi status command.

The man isi or isi --help command is an important command for a

new administrator to get familiar with all CLI commands. These
commands provide an explanation of the available isi commands and

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 63

PowerScale Management Interfaces

command options. For a basic description of any command and its

available options, type the -h option after the command.

Deep Dive: For a complete listing of CLI usage and

commands, search the PowerScale OneFS Info Hubs by
software version, then find the OneFS CLI Administration
Guide and the CLI Command Reference Guide.

isi config

The isi config command, pronounced "izzy config," opens the

configuration console. The console contains configured settings from the
time the Wizard started running.

Use the console to change initial configuration settings. When in the isi
config console, other configuration commands are unavailable. The
exit command is used to go back to the default CLI.

The isi config subsystem.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 64

PowerScale Management Interfaces

Platform Application Programming Interface (PAPI)

The OneFS Application Programming Interface, or OneFS API, is a secure

and scriptable32 interface for managing the cluster. HTTPS is used in API
to encrypt communications. OneFS applies authentication and RBAC
controls to API commands to ensure that only authorized commands are
run.

Deep Dive: See the PowerScale OneFS Info Hubs and then
find the OneFS API Reference Guide under the proper
OneFS software version.
Access the Dell PowerScale API Developer Portal for full
API documentation.

32A chief benefit of PAPI is its scripting simplicity, enabling customers to

automate their storage administration.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 65

PowerScale Management Interfaces

Front Panel Display

Front Panel Display of a Gen6 chassis.

• The Gen6 front panel display is an LCD screen with five buttons that
are used for basic administration tasks33.
• The interface consists of the LCD screen, a round ENTER button for
making selections, and four arrow buttons for navigating menus. There
are four LEDs across the bottom of the interface that indicate which
node is being communicated with. To change the communication to
another node, use the arrow buttons.

Column 2

33 Some of them include: adding the node to a cluster, checking node or

drive status, events, cluster details, capacity, IP, and MAC addresses.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 66

PowerScale Management Interfaces

Front Panel Display of PowerScale All-Flash nodes.

• The front panel for PowerScale All-Flash nodes has limited

functionality34 compared to the Gen6 nodes.
• The interface consists of LCD screen, two arrows (left and right) for
navigation, and a selection button between the arrows.

Challenge

Lab Assignment: Launch the lab image and connect to the cluster using
the WebUI and the CLI.

34 You can join a node to a cluster and the panel displays the node name
after the node has joined the cluster. The LCD display provides system
information, status, and error messages to indicate that the system is
functioning correctly or requires attention.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 67

Common Cluster Operations

Scenario

After completing the overview of the PowerScale system, the different

nodes, and network and access connectivity, it is time to begin managing
the cluster. The IT manager indicated that two new nodes were added to
their cluster. The nodes are racked, cabled, and powered on. The
manager asks to confirm the OneFS licensing before adding the nodes to
the cluster.

Licensing

A license file contains a record of the active cluster software licenses and
the cluster hardware. One copy of the license file is stored in the Dell
Software Licensing Central repository, and another copy is stored on the
cluster. Both license files must match.

All PowerScale software and hardware must be licensed through Dell

Technologies Software Licensing Central (SLC).

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 68

Common Cluster Operations

License overview

Using the OneFS WebUI, go to Cluster Management > Licensing to

view the license status of a newly created cluster. After licensing OneFS
and any software modules, the details are updated and listed on this page.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 69

Common Cluster Operations

Activation Wizard

Using the Activation Wizard, administrators create an activation file for

selected software modules to be licensed. OneFS updates a license
automatically35 or manually36.

This process is the same for software to be uninstalled.

• Choose software modules

• Create the activation file

After the activation file is generated, submit the file to Dell SLC to receive
back a signed license file for the cluster.

35 The automated process to update a license file requires that

SupportAssist is connected to Dell Technologies Support and that the
remote support option is enabled.
36 The manual process requires generating an activation file, submitting

the activation file to Dell SLC, and then uploading an updated license file
to your cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 70

Common Cluster Operations

Trial Licenses

Activating a trial license allows the evaluation and access to features

provided of optional software modules for 90 days.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 71

Common Cluster Operations

Go to: The Licensing section of the OneFS Web

Administration Guide on the PowerScale OneFS Info Hubs
for more details.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 72

Common Cluster Operations

Device ID and Logical Node Number

Changing LNN 3 to LNN 5 to maintain the sequential numbering of the nodes.

There are two different numbers that identify a node. The numbers are the
device ID and logical node number or LNN.

The status advanced command from the isi config sub-menu

shows the LNNs and device ID.

The lnnset command is used to change an LNN.

When a node joins a cluster, it is assigned a unique node ID number. If a

node is removed from the cluster and then rejoined to the cluster, the
node is assigned a new device ID.

To change an LNN, use the configuration console in the CLI. To change

the LNN to maintain the sequential numbering of the nodes use lnnset
<OldNode#> <NewNode#>.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 73

Common Cluster Operations

Adding Nodes to Cluster

When adding new nodes to a cluster, the cluster gains more CPU,
memory, and disk space. The methods for adding a node are:
• Front panel
• Configuration Wizard using serial connection
• WebUI
• CLI

Join the nodes in the order that the nodes should be numbered.

Nodes are automatically assigned node numbers and IP addresses on the

internal and external networks. A node joining the cluster with a different
OneFS version is automatically reimaged to match the OneFS version of
the cluster. A reimage may take up to 5 minutes.

Compatibility

Hardware compatibility is important when combining dissimilar

PowerScale All-Flash nodes. For example, when adding a single F200
node with 48 GB RAM to an F200 node pool that has nodes with 96 GB of

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 74

Common Cluster Operations

RAM. Without compatibility, a minimum of three F200 nodes with 48 GB

RAM are required, which creates a separate node pool.

Node series compatibility depends upon the amount of RAM, the SSD
size, number of hard drive, and the OneFS version.

Go to: The PowerScale OneFS Info Hub for OneFS 9.5

contains the PowerScale Supportability and Compatibility
Guide. This guide covers software, protocols, and hardware.

Maintenance Node Operations

Remove a Node

OneFS protects data, stored on failing nodes or drives, through a process

called smartfailing. OneFS smartfails devices as a last resort.

• SmartFail can be started manually and removes37 one node at a time

from the cluster.
• The nodes are removed from the cluster node list when the process
completes38.

37Before smartfailing multiple nodes, consider whether the cluster has

enough free space to maintain protection on the data in the cluster.
Removing too many nodes causes the cluster to lose quorum. Data is
restriped to other nodes in the cluster as part of the process.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 75

Common Cluster Operations

• Once the node has been reformatted, it can be added back39 into the
cluster or into another cluster.
• Use these commands40 to stop Smartfail.

Movie:
The web version of this content contains a movie.
The video shows how to remove a node from the cluster using the WebUI.

Reformat a Node

• Reformatting a node is the quickest way to return a node to an

unconfigured state. Reformatting does not remove the node from the
cluster completely unless SmartFail has run over the node.
Reformatting retains the current OneFS version that is installed on the
node.

38 If the node is still connected to the back-end network when the process
completes, it automatically initiates a reformat - otherwise, it can be
reformatted manually.
39 The use cases are to remove older nodes during a life-cycle technology

refresh. First, to move a node from one cluster to another cluster. Second,
if PowerScale Support has identified a critical hardware failure.
40 1) 'isi devices node stopfail' command is used to discontinue the

smartfail process on a node. 2) 'isi config' followed by the command

'Innset' is used to modify the logical node number (LNN) of a node.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 76

Common Cluster Operations

• All data and configuration information are destroyed when

reformatting.41
• Reformatting a node - Use case42

Movie:
The web version of this content contains a movie.
The video shows the reformat option.

Reimage a Node

Reimaging a node can:

• Perform the same node reset functionality as reformatting the node.43

• Use a USB flash drive, or by copying the OneFS44 install file locally on
the node.

41 Do not reformat unless certain it should be run, the node contains no

data, or the data can be destroyed without issues. For example, because
the node was successfully smart failed.
42 A use case for reformatting a node is when the node requires resetting

or repurposing. For example, when testing cluster nodes, this performs a

reset quickly, so the nodes are ready for other testing. Another use case
example is when destroying a cluster to reset it to prepare a SyncIQ
failback for SmartLock or WORM directories. WORM directories cannot be
overwritten, they can only be removed by reformatting the cluster. This
also applies to enterprise SmartLock directories and compliance
SmartLock directories. If SyncIQ has not been configured, these
considerations do not apply.
43 The difference between reformatting and reimaging a node is that the

OneFS operating system is reinstalled during the reimaging process.

Connect to the reimaging node over the console port or an SSH session.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 77

Common Cluster Operations

Download the reimaging bundle for USB flash drive from the PowerScale
OneFS Drivers and Downloads support site.

Export cluster
configuration

Cluster configuration backup and restore

The import cluster configuration feature supports restore and automatic

cluster setup scenarios, and the export cluster configuration supports
backup and auditing scenarios.

The configuration backup and restore feature provides two major

functions:
• Full OneFS cluster-wide configuration backup
• Full OneFS cluster-wide configuration restore

The import or export feature enables creating a definition of what a cluster

should be (from backup or template) and apply that definition to a cluster
(for restoration purposes), where the backup is generated or, to other
clusters with the same hardware configuration. The definition to the cluster
is indicated with specific variables, such as cluster name, node names,
and IP addresses. The variables are modified on a per cluster basis.

OneFS supports the backup and restore of http, quota, snapshot, nfs,
smb, s3, ndmp configurations.

Select to learn how to Create an Export Task.

44Copy the OneFS install file to the node and run the "isi_reimage"
command to reimage a node without using a flash drive.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 78

Common Cluster Operations

Deep Dive: For more information about backup and

restore, see the OneFS 9.5.0.0 CLI Administration Guide
and the CLI Command Reference Guide, on the OneFS
9.5.0.0 Documentation - PowerScale Info Hub.

Caution: Only remove, reformat, or reimage a node that is

not a member of a cluster. Reimaging includes a node
requiring a new installation of OneFS, or a node that has run
SmartFail over it and was removed from an active cluster.
As when reformatting, reimaging a node erases all data. It is
recommended to first consult Dell Technologies Support.

Cluster Shutdown

Using the Configuration Wizard to shut down node 4

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 79

Common Cluster Operations

Administrators can restart or shut down the cluster using the WebUI45 or
the CLI46.

Caution: Do not shut down nodes using the UNIX

shutdown –p command, halt command, or reboot
command. Using the UNIX command may result in RAM not
flushing properly.

Activity: Additional Nodes.

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Launch the lab and add a node using the Configuration
Wizard and add a node using the WebUI.

45 The WebUI Hardware page has a tab for Nodes to shut down a specific
node, or the Cluster tab to shut down the cluster.
46 Native UNIX commands do not elegantly interact with OneFS, because

the OneFS file system is built as a separate layer on top of UNIX.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 80

OneFS Directory Structure

Scenario

Any organization implementing or migrating their workflow to PowerScale

must carefully design the system in terms of capacity, performance, and
manageability. The IT Manager instructed the company to create its file
system to efficiently manage the data in the cluster. The administrator is
tasked to design a directory structure that optimizes cluster performance,
administration ease, and efficiency. A primary recommendation is that
data should be saved in directories below the root /ifs file path and not
in the root itself.

Directory Structure Overview

The directory structure is a two-dimensional construct that organizes files

into a hierarchy of folders.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 81

OneFS Directory Structure

• The structure should be fixed and scalable.

• One top-level organizational construct can only be subdivided in a
limited way.

At the core of OneFS, is the single file system across the cluster (/ifs).
The single file system in practice is a common directory structure.

OneFS Integrated Directories

The graphic shows the OneFS integrated directories.

When initializing a new cluster, the OneFS installation process creates

three directories under the clustered file system root, /ifs:

• /ifs/data47
− Avoid modifying /ifs/data/Isilon_Support, which is created
the first time the isi_gather_info command is run to collect
cluster logs.
• /ifs/home48
• /ifs/.ifsvar49

47 Directory for departmental and organization-level data.

48 End-user home directories

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 82

OneFS Directory Structure

Using a single file system starting with a newly created directory under
/ifs is recommended.

• For example, in the simplest form, creating /ifs/engineering is

where the engineering department data is the top-level directory for the
engineering organization.

Directory Structure Tiering

The graphic shows the recommended directory structure.

Caution: Having none, or a poor directory structure design

upfront, can lead to a disruptive activity when the end user
is required to fix the structure.

49SyncIQ report files are stored in this directory. Do not use for general
storage.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 83

OneFS Directory Structure

Go to: See the PowerScale OneFS Best Practices white

paper on the Dell Technologies Storage site.

Directory Structure Design Process

Defining the directory structure enables the creation of pools and group
data with common characteristics. A defined directory structure allows
servicing each group of data based on the class of service requirements.
Having a defined structure at the onset of an implementation avoids
repetitive work and streamlines configurations.

The following are areas to consider when planning and implementing a

directory structure.
• Identify and group the data50.
• Create a deep directory hierarchy51 over a shallow subdirectories
structure.
• While the recommended maximum file limit per directory is one million,
a best practice is to constrain that number to 100,00052.
• Use nodes with SSDs to better handle storing many files in a directory.

50 For instance, group by business unit, department, project,

organizational requirements, or workflow demands.
51 A deep directory hierarchy that consolidates files in balanced

subdirectories is more efficient than spreading files out over a shallow

subdirectory structure.
52 A maximum of 100,000 directories per directory is also recommended.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 84

OneFS Directory Structure

• Store unrelated data in separate directories.

• Past, present, and future requirements and plans53.

A directory structure should be in place before a cluster installation,

defining any configuration on the cluster, or file transfers occur.

Go to: See Considerations and Best Practices for Large

PowerScale Clusters on the Dell Technologies Storage site,
and PowerScale: Home Directory Storage Solutions for NFS
and SMB Environments white paper for more information.

53For instance: compliance mode, backup systems, large file support, and
quotas.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 85

OneFS Directory Structure

Directory Structure Example 1

An example of a designed directory structure.

Use case:
• A company named X-Attire plans to implement a single cluster for their
engineering team.
• The customer does not plan to have another cluster for remote disaster
recovery.
• The company name or authentication domain name is used as the
access zone name (x-attire).

Access zones are covered in another topic.

Directory Structure Example 2

Use case:
• X-Attire plans to implement a disaster recovery solution.
• X-Attire wants to replicate the Boston/homedirs directory to the
Seattle data center.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 86

OneFS Directory Structure

• From the Seattle DC, they plan to replicate the /groupdir directory to
Boston.
• Having the directory structure designed up front makes the
implementation easier.

SyncIQ is covered in another topic.

Directory Structure Permissions

On the /ifs directory, do not set inherited ACLs and do not propagate
ACL values.

Permissions on levels 1 through 5 are customer-specific and you should

define the appropriate permissions and inherited permissions starting at
the appropriate level.

ACLs and POSIX mode bits are covered in other topics.

The table shows the recommended permissions at each directory tier.

Level 0 Level 1 Level 2 Level 3 Level 4 Level 5

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 87

OneFS Directory Structure

/ifs /clusternam /accesszon /pool /pod /share

e e

Ownershi Ownership Ownership Ownershi Ownershi Ownershi

p p p p

0:0 0:0 0:0 0:0 Manually Manually

set or set or
inherited inherited
from from
migration migration

POSIX POSIX Bits POSIX Bits POSIX POSIX POSIX

Bits Bits Bits Bits

777 755 755 755 Manually Manually

set or set or
inherited inherited
from from
migration migration

ACL Type ACL Type ACL Type ACL Type ACL Type ACL Type

Synthetic Synthetic Synthetic Synthetic Genuine Genuine

ACL ACL ACL ACL or or
Synthetic Synthetic
ACL ACL

Activity: OneFS Directory Structure

The web version of this content contains an interactive activity.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 88

OneFS Directory Structure

Challenge

Lab Assignment: Go to the lab and build the base directories. The base
directories are used throughout the implementation of the PowerScale
cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 89

Access Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 90

OneFS Directory Structure

Access Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 91

Authentication Providers

Scenario

Before clients can access files that are stored on the cluster, they must be
authenticated.

The IT manager has tasked the administrator to add authentication

providers to the PowerScale cluster. The administrator must know the
supported authentication providers and configuring the NTP service.

Authentication Providers Overview

The authentication process takes place through providers such as Active

Directory (AD) or LDAP. OneFS also offers a local provider, where users
are manually added to OneFS but are only available on the local cluster54.

54 Another local option is file provider, where a file is uploaded with user
information and can also contain UNIX user and group information from
other systems. The same file can be uploaded to other clusters, but the
file must be manually updated on each cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 92

Authentication Providers

Authentication settings for the clusters are managed using an

authentication provider. OneFS supports several authentication
providers55. The external authentication providers include Active Directory,
LDAP, and NIS. Internal authentication providers include the Local
provider and File provider.

1: Active Directory is a Microsoft implementation of Lightweight Directory

Access Protocol (LDAP), Kerberos, and DNS technologies that can store
information about network resources.

2: The Lightweight Directory Access Protocol (LDAP) is a networking

protocol that enables you to define, query, and modify directory services
and resources.

3: The Network Information Service (NIS) provides authentication and

identity uniformity across local area networks. OneFS includes a NIS
authentication provider that enables the integration of the cluster with the
NIS infrastructure. NIS can authenticate users and groups when they
access the cluster.

4: Kerberos is a network authentication provider that negotiates encryption

tickets for securing a connection. OneFS supports Microsoft Kerberos and
MIT Kerberos authentication providers on a cluster.

55Most providers use UIDs (users ID), GIDs (group ID) and SIDs (security
ID).

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 93

Authentication Providers

If configuring an Active Directory provider, support for Microsoft Kerberos

authentication is provided automatically. MIT Kerberos works
independently of Active Directory.
The MIT Kerberos authentication provider is used with NFS, HTTP, and
HDFS.

5: The local provider provides authentication and lookup facilities for user
accounts added by an administrator.
Local authentication is useful when AD, LDAP, or NIS directory services
are not configured or when a specific user or application needs access to
the cluster.

6: A file provider enables admins to supply an authoritative third-party

source of user and group information to a PowerScale cluster.
A third-party source is useful in UNIX and Linux environments that
synchronize the /etc/passwd, /etc/group, and etc/netgroup files
across multiple servers.

Authentication Provider Structure

The lsassd, pronounced “L-sass-D,” is the OneFS authentication

daemon.

lsassd is between the access protocols and the lower-level services

providers.

The lsassd daemon mediates between the authentication protocols that

clients use and the authentication providers below the access zones.

The authentication providers check their data repositories, which are

shown on the bottom row. The process determines user identity and
subsequent access to files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 94

Authentication Providers

Access control architectural components that show two configured access zones.

Active Directory Overview

Active Directory can serve many functions, but the primary reason for
joining the cluster to an Active Directory domain is to perform user and
group authentication.

To join the cluster to AD, specify the fully qualified domain name, which
can be resolved to an IPv4 or an IPv6 address, and a username with join
permission. Areas to consider:
• Creates a single AD machine account
• Establishes trust relationship
• Supports NTLM and Microsoft Kerberos
• Each Active Directory provider must be associated with a groupnet
• Adding to an access zone
• Multiple AD instances

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 95

Authentication Providers

Best Practice: For greater security and performance, it is

recommended that you implement Kerberos, according to
Microsoft guidelines, as the primary authentication protocol
for Active Directory.

When the cluster joins an AD domain, OneFS creates a single AD

machine account. The machine account establishes a trust relationship
with the domain and enables the cluster to authenticate and authorize
users in the Active Directory forest. OneFS supports NTLM and Microsoft
Kerberos for authentication of Active Directory domain users. You can add
an Active Directory provider to an access zone as an authentication
method for clients connecting through the access zone. The access zone
and the Active Directory provider must reference the same groupnet.
OneFS supports multiple instances of Active Directory on a PowerScale
cluster; however, only one Active Directory provider can be assigned per
access zone.

Active Directory Configuration Videos

Each video shows a demonstration of configuring Active Directory as an

authentication provider using either the CLI or WebUI.

Movie:

The web version of this content contains a movie.

Movie:

The web version of this content contains a movie.

See the student guide for a transcript of the videos or view in eduTube
and download the transcripts.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 96

Authentication Providers

Network Time Protocol (NTP) Overview

NTP configured on the cluster.

The NTP method automatically synchronizes cluster date and time

settings through an NTP server. Alternatively, set the date and time
reported by the cluster by manually configuring the service. If there are no
external NTP servers that are configured, OneFS uses the Windows
domain controller as the NTP time server.

• Synchronize to NTP source56

• Cluster time properties57

56The easiest method is to synchronize the cluster and the authentication

servers all to the same NTP source.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 97

Authentication Providers

• Synchronize issues58
• SMB time59
• Node time60

Important: When the cluster and domain time become out

of sync by more than four minutes, OneFS generates an
event notification. If out of sync by more than five minutes,
authentication does not work.

NTP Configuration

Configure specific chimer nodes by excluding other nodes using the

isi_ntp_config {add | exclude} <node#> command.

57 The cluster time property sets the date and time settings, either
manually or by synchronizing with an NTP server. After an NTP server is
established, setting the date or time manually is not allowed.
58 After a cluster is joined to an AD domain, adding an NTP server can

cause time synchronization issues. The NTP server takes precedence

over the SMB time synchronization with AD and overrides the domain time
settings on the cluster.
59 SMB time is enabled by default and is used to maintain time

synchronization between the AD domain time source and the cluster.

60 Nodes use NTP between themselves to maintain cluster time. When the

cluster is joined to an AD domain, the cluster must stay synchronized with

the time on the domain controller.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 98

Authentication Providers

The list excludes nodes using their node numbers that are separated by a
space.

LDAP Overview

OneFS authenticates users and groups against an LDAP repository to

grant them access to the cluster. OneFS supports Kerberos authentication
for an LDAP provider.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 99

Authentication Providers

Each LDAP entry61 has a set of attributes62.

The LDAP service supports the following features:

• Users, groups, and netgroups.
• Configurable LDAP schemas63.
• Redundancy and load balancing across servers with identical directory
data.
• Multiple LDAP provider instances for accessing servers with different
user data.
• Encrypted passwords.
• IPv4 and IPv6 server URIs.
• Each LDAP provider must be associated with a groupnet.64

61 Each entry consists of a distinguished name, or DN, which also contains

a relative distinguished name (RDN). The base DN is also known as a
search DN because a given base DN is used as the starting point for any
directory search.
62 Each attribute has a name and one or more values that are associated

with it that is similar to the directory structure in AD.

63 The ldapsam schema allows NTLM authentication over the SMB

protocol for users with Windows-like attributes.

64 Add an LDAP provider to an access zone as an authentication method

for clients connecting through the access zone. An access zone may
include at most one LDAP provider. The access zone and the LDAP
provider must reference the same groupnet.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 100

Authentication Providers

LDAP WebUI and CLI Configuration Videos

The videos provide a demonstration of the configuration tasks for an

LDAP authentication provider using the WebUI or CLI.

Important: The videos show an older version of OneFS UI.

The new OneFS 9.5 version has UI changes, but the
functionality of all elements remains the same.

Movie:

The web version of this content contains a movie.

Movie:

The web version of this content contains a movie.

See the student guide for a transcript of the videos or view in eduTube
and download the transcripts.

Link:
https://edutube.dell.com/Player.aspx?vno=JKBFLVJaUoqGz8DJmH4zqg=
=&autoplay=true

In this demonstration, we’ll go through the steps needed to configure

LDAP for the PowerScale cluster. Let us navigate to Access and then to
Authentication providers page. Next, select the LDAP tab. Now click the
Add an LDAP provider button.

For this demonstration, I am only showing the barest configuration. Let us

give our LDAP a provider name. Next, I will enter the URI to the LDAP
server. You must configure a base distinguished name. Often issues
involve either misconfigured base DNs or connecting to the LDAP server.
The top-level names almost always mimic DNS names; for example, the
top-level Isilon domain would be dc=isilon, dc=com for Isilon.com. Our
environment is DEES and lab.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 101

Authentication Providers

Shown is the CLI equivalent command used to configure LDAP. To

display a list of these commands, run the isi auth ldap create -h
command at the CLI. And that is the most basic configuration.

Now, before connecting to an LDAP server you should decide which

optional customizable parameters you want to use. If there are any issues
while configuring or running the LDAP service, there are a few commands
that can be used to help troubleshoot. The ldapsearch command runs
queries against an LDAP server to verify whether the configured base DN
is correct. The tcpdump command verifies that the cluster is
communicating with the assigned LDAP server.

You have the option to enter a netgroup. A netgroup, is a set of systems

that reside in a variety of different locations, that are grouped together and
used for permission checking. For example, a UNIX computer on the 5th
floor, six UNIX computers on the 9th floor, and 12 UNIX computers in the
building next door, all combined into one netgroup.

Select the Add LDAP Provider button. After the LDAP provider is
successfully added, the LDAP providers page displays a green status.
This means that the cluster can communicate with the LDAP server. Note
that AD and LDAP both use TCP port 389. Even though both services can
be installed on one Microsoft server, the cluster can only communicate
with one of services if they are both installed on the same server. This
concludes the demonstration.

Activity: Authentication-Active Directory

The web version of this content contains an interactive activity.

Challenge

Lab Assignment:

• Join the cluster to Active Directory

• Configure the cluster for LDAP

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 102

Authentication Providers

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 103

Access Zones

Scenario

OneFS Access Zones provide secure, isolated storage pools for each
division within an organization, or even different tenants. Having their own
separate access zone allows consolidation of storage resources without
compromising security.

The cluster is configured for LDAP and Active Directory, and now it is time
to configure an access zone for two departments, finance, and
engineering. Finance is a Windows environment and engineering is a
Linux environment. Before configuring access zones, the IT manager
wants to ensure the administrator understands access zones and what
they do.

Access Zone Overview

Access zones define access to a PowerScale cluster, creating boundaries

for multitenancy or multiprotocol. They permit or deny access to areas of
the cluster. At the access zone level, authentication providers are also
provisioned.

This video provides an overview for access zones. See the student guide
for a transcript of the video.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 104

Access Zones

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays and older

version of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

https://edutube.dell.com/html5/videoPlayer.htm?vno=ju12CFZ0f+Z0Dv2lN
0VQRw

Although the default view of a cluster is that of one physical machine, you
can partition a cluster into multiple virtual containers called access zones.
Access zones enable you to isolate data and control who can access data
in each zone. Access zones support configuration settings for
authentication and identity management services on a cluster. Configure
authentication providers and provision protocol directories, such as SMB
shares and NFS exports, on a zone-by-zone basis. Creating an access
zone, automatically creates a local provider, which enables you to
configure each access zone with a list of local users and groups. You can
also authenticate through a different authentication provider in each
access zone.

Access Control Architectural Components

The OneFS identity management maps users and groups from separate
directory services to provide a single combined identity. It also provides
uniform access control to files and directories, regardless of the incoming
protocol.

The table defines the components of access zones.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 105

Access Zones

External Protocols

Clients use the external access protocols to connect to the PowerScale

cluster. The supported protocols are SMB, NFS, S3, HTTP, FTP, HDFS,
and SWIFT.

lsassd Daemon

The lsassd (L-sass-d) daemon mediates between the external protocols

and the authentication providers, with the daemon contacting the external
providers for user lookups.

External Providers

Besides external protocols, there are also external authentication

providers. External directories hold lists of users that the internal providers
contact to verify user credentials. Once a user identity has been verified,

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 106

Access Zones

OneFS generates an access token. The access token is used to allow or

deny a user access to the files and folders on the cluster.

Internal Providers

Internal providers sit within the cluster operating system and are the Local,
or File Providers.
• File provider - authoritative third-party source of user and group
information.
• Local provider - provides authentication and lookup facilities for user
accounts added by an administrator.
• Local provider automatically created in access zone.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 107

Access Zones

Access Control Architecture

Administrators configure the access zone through the System access

zone. Each access zone has its own authentication providers configured.
The best practice is to have a single instance of an authentication provider
for each access zone.

Once the client is at the front-end interface65, the associated access zone
then authenticates the client against the proper directory service. Once
authenticated to the cluster, mode bits and access control lists, or ACLs,
dictate the files, folders, and directories that clients can access.

65Access zones do not dictate which front-end interface the client

connects to. Access zones only determine what directory is queried to
verify authentication and the shares that the client can view.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 108

Access Zones

OneFS Multiple Provider Support

OneFS supports multiple instances of Active Directory on a PowerScale

cluster; however, you can assign only one Active Directory provider per
access zone. OneFS allows multiple LDAP, NIS, and file authentication
providers in each access zone. You can configure each access zone with
its own authentication providers, zone aware protocols, and associated
SmartConnect IP address pools.

SMB shares bound to an access zone are only accessible to users

connecting to the SmartConnect zone or IP pool that aligns to the access
zone. Assigning SMB authentication and access is done on the access
zone.

Important: If connecting the cluster to multiple AD

environments (untrusted), only one of these AD providers
can exist in a zone at one time.

Access Zone Planning - Base Directory

A base or root directory defines the tree structure of the access zone.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 109

Access Zones

The access zone cannot grant access to any files outside of the base
directory, creating a unique namespace.

Using access zones is the recommended method of separating data.

However, a few workflows can benefit from having one access zone being
able to see the dataset of another access zone.

1: Separate authentication from /ifs/eng access zone.

2: Access zone base directory for eng only.

3: The /ifs/eng/hardware directory can be a base directory for another

access zone. This is not a good practice.

4: The /ifs/eng base directory partitions data from the /ifs/dvt directory.

5: The base directory of the default System access zone is /ifs and cannot
be modified. Avoid using the OneFS built-in directories as base
directories.

Tip: OneFS supports overlapping data between access

zones for cases where your workflows require shared data.
However, the added complexity to the access zone
configuration might lead to future issues with client access.
For the best results from overlapping data between access
zones, it is recommended that the access zones also share
the same authentication providers.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 110

Access Zones

Overlapping example: Creating a /ifs/eng/hardware for the access

zone base, which is inside the eng access zone base directory.
Overlapping access zones enables the eng workers to put data on a
cluster, while enabling the dvt workers to take that data and use it. When
you set it up this way, you maintain the different authentication contexts
while enabling the second group access.

Access Zone Configuration

These demonstrations provide a look at access zone configuration using

the WebUI or CLI.

Movie:

The web version of this content contains a movie.

Movie:

The web version of this content contains a movie.

Access Zone Considerations

Areas to consider when configuring and discussing access zones.

• The number of access zones should not exceed fifty. The number of
local users and groups per cluster should not exceed 25,000 for each.
• Access zones and authentication providers must be in only one
groupnet.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 111

Access Zones

• Authentication sources are joined to the cluster and "seen" by access

zones - multiple instances of the same provider in different access
zones is not recommended.66
• Authentication providers are not restricted to one specific zone.
• Only join AD providers not in same forest (untrusted forest).
• Shared UIDs in same zone can potentially cause UID/GID conflicts.
• You can overlap data between access zones for cases where
workflows require shared data - however, overlapping adds complexity
that may lead to issues with client access.

Access Zone Best Practices

You can avoid configuration problems on the cluster when creating access
zones by following best practices guidelines.

Best Practice Details

Create unique base A root-based path provides data separation

directory. and multitenancy, maintains the Unified
Permission model, and makes SyncIQ
failover and failbacks easier.

66An access zone is limited to a single Active Directory provider; however,

OneFS allows multiple LDAP, NIS, and file authentication providers in
each access zone. It is recommended to assign only one type of each
provider per access zone to simplify administration.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 112

Access Zones

The System zone should Employ ZRBAC for zone administration.

only be used for global
admin management access
only.

Create zones to isolate data Do not isolate if workflow requires shared

for different clients. data.

Avoid overlapping UID/GID Potential for UID/GID conflicts if overlap in

ranges for providers in same zone.
same zone.

Configure an access zone An implementation with both NFS and SMB

for a specific protocol if access should have an access zone for the
multi-protocol access is not NFS access and another access zone for
needed. the SMB access.

Activity: Access Zones

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Create the access zones for the environment and add
the authentication providers to the access zones using the WebUI and
CLI.

Job Aid: Access Zone

Just the Basics. The access zone job aid shows the basic requirements
and commands.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 113

Access Zones

Data you must have to configure access zones:

• Path of the base directory
• What to name the access zone

Create the access zone base directory and access zone for the Sales
organization. Sales uses LDAP to authenticate users. Although the
example shows adding an authentication provider, an authentication
provider is not required to create the access zone.
1. Create the base directory for the Sales access zone:
mkdir -p /ifs/Divgen/sales

2. Configure the authentication provider if needed:

isi auth ldap create powerscale-ldap --base-
dn="dc=delledu,dc=lab" --server-
uris="ldap://192.168.1.4"

3. Create the access zone:

isi zone zones create sales /ifs/Divgen/sales --auth-

providers ldap:PowerScale-ldap

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 114

Groupnets

Scenario

Client computers connect to the cluster through the external network.

External network configuration is composed of groupnets, subnets, IP
address pools, and features node provisioning rules. Groupnets
simultaneously handle more than one set of networking configurations.
After configuring access zones, the next step is to understand the
groupnet networking component and determine when groupnets are
beneficial to configure.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 115

Groupnets

Network Configuration Planning

Groupnets reside at the top tier of the networking hierarchy and are the
configuration level for managing multiple tenants on your external network.

By default, OneFS builds Groupnet0, Subnet0, and Pool0.

Groupnets contain one or more subnets.

Subnets simplify external (front-end) network management and provide

flexibility in implementing and maintaining the cluster network.

A subnet can also be called the SmartConnet zone and contain one or
more pools. Pools enable more granular network configuration.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 116

Groupnets

Groupnets and Access Zones Video

This video provides an overview of the groupnet and access zone

relationship.

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays older version of

OneFS UI. The new OneFS 9.5 version has UI changes, but
the functionality of all elements remain the same.

Link:
https://edutube.dell.com/Player.aspx?vno=b4A2l5FzF2na/Txqk2AUTA==&
attachments=true&autoplay=true

Because groupnets are the top networking configuration object, they have
a close relationship with access zones and the authentication providers.
Having multiple groupnets on the cluster means that you are configuring
access to separate and different networks, which are shown as org1 and
org2. Different groupnets enable portions of the cluster to have different
networking properties for name resolution. Configure another groupnet if
separate DNS settings are required. If necessary, but not required, you
can have a different groupnet for every access zone. The limitation of 50
access zones enables the creation of up to 50 groupnets.

When the cluster joins an Active Directory server, the cluster must know
which network to use for external communication to the external AD
domain. Because of this, if you have a groupnet, both the access zone
and authentication provider must exist within same groupnet. Access
zones and authentication providers must exist within only one groupnet.
Active Directory provider org2 must exist within the same groupnet as
access zone org2.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 117

Groupnets

Multi-Tenancy Overview

Groupnets are the configuration level for managing multiple tenants67 on

the external network of the cluster.

Multi-tenancy is the ability to host multiple organizations in a single cloud,

application, or storage device. Each organization in the environment is
called a tenant.

Each groupnet has its own authentication providers and IP addresses,

unique to that groupnet.

Each groupnet can designate up to three DNS servers to handle DNS

name resolution and each groupnet maintains its own DNS cache.

67 Even with no plans to use multi-tenancy, a good practice is to organize

data based on access zones. Organizing is for both security purposes and
to enable compartmentalization of failover by, for instance, AD domain.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 118

Groupnets

In the scenario, the solution must treat each business unit as a separate
and unique tenant with access to the same cluster. The graphic shows
how each organization has its own groupnet and access zone.

Multi-tenancy Considerations

Groupnets are an option for those clusters that will host multiple
companies, departments, or clients that require their own DNS settings.
Some areas to consider are:
• DNS settings are per groupnet
• Create another groupnet only if separate DNS settings required.
• In a multiple tenant solution, a share can span access zones.
Combining namespaces and overlapping shares is an administrative
decision.

Best Practice: Reserve the System zone for configuration

access and create additional zones for data access. Move
current data out of the System zone and into a new access
zone.

WebUI for Configuration

When creating new network tenants, the recommended process is:

1. Groupnet, create and specify nameservers.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 119

Groupnets

2. Access zone, create and associate with groupnet (must already be

created).
3. Subnet, create within groupnet (must already be created).
4. Address pool, create within subnet (must already be created) and
associate with access zone (must already be created).
5. Authentication provider, create and associate with groupnet (must
already be created).
6. Access zone, modify to add authentication provider.

Tip: Attempting this out of order may create other

challenges. For example, if an access zone has not already
been created in a groupnet, you will be unable to add an
address pool, since it requires an access zone to already be
present.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 120

Groupnets

Go to: The PowerScale OneFS Info Hubs and search for

the PowerScale OneFS Web Admin Guide for complete
details on each groupnet option.

CLI for Configuration

Like the WebUI, when using the CLI to create a groupnet with access
zones and providers in the same zone, create them in the proper order.

Order Function Command Syntax

1 Create groupnet isi network groupnets create <id> -

-dns-servers=<ip>
Example: isi network groupnets
create groupnet1 --dns-servers
192.168.1.2

2 Create isi auth ads create <Domain name> -

authentication -groupnet=<groupnet name>
providers Example: isi auth ads create --
name=adserver.gearitup.com --
groupnet=groupnet3

3 Create access isi zone zones create <name> <path>

zone --groupnet=<groupnet name>

4 Create subnet isi network subnets create <id>

<addr-family> {ipv4 | ipv6}
<prefixlen>

5 Create pool isi network pools create <id> --

access-zone=<zone name>

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 121

Groupnets

Tip: You cannot recreate an already defined subnet. A

defined subnet is only used once.

Go to: The PowerScale OneFS Info Hubs and search for

the PowerScale OneFS CLI Admin Guide and the
PowerScale OneFS CLI Command Reference Guide for
complete details CLI commands.

Configure Groupnets with WebUI and CLI videos

Each video shows a basic configuration of a groupnet.

Movie:

The web version of this content contains a movie.

Movie:

The web version of this content contains a movie.

Challenge

1. Under what conditions is it recommended to create a new groupnet?

a. Groupnet for each tenant when multiple tenants share the same
DNS server and number of tenants is less than 50.
b. Groupnet for each tenant when multiple tenants have different
DNS servers and number of tenants is less than 50.
c. Groupnet for each tenant when multiple tenants share the same
DNS server and number of tenants is more than 50.
d. Groupnet for each tenant when multiple tenants have different

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 122

Groupnets

DNS servers and number of tenants is more than 50.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 123

SmartConnect Foundations

Scenario

The IT manager is tracking the company's forecasted growth and is

concerned about burdening cluster resources. Some client connections
and workloads may interfere with other connections. The manager heard
about a feature called SmartConnect, available in PowerScale OneFS, but
does not know what it does. The administrator is tasked with learning
about SmartConnect, the benefits, and how to configure it on their system.

SmartConnect Overview Video

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays an older version

of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remain the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=2xtwKNZ1xapC4+xrHKgV9w==
&attachments=true&autoplay=true

SmartConnect enables client connections to the storage cluster using a

single hostname or however many host names a company needs. It
provides load balancing and dynamic NFS failover and failback of client
connections across storage nodes to provide optimal utilization of the
cluster resources. SmartConnect eliminates the need to install client-side

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 124

SmartConnect Foundations

drivers, enabling administrators to manage large numbers of clients if a

system fails.

SmartConnect provides name resolution for the cluster. The cluster

appears as a single network element to a client system. Both cluster and
client performance can be enhanced when connections are more evenly
distributed.

SmartConnect simplifies client connection management. Based on user

configurable policies, SmartConnect Advanced applies intelligent
algorithms (as in, CPU utilization, aggregate throughput, connection count,
or Round-robin). SmartConnect distributes clients across the cluster to
optimize client performance. SmartConnect can be configured into
multiple zones that can be used to ensure different levels of service for
different groups of clients. SmartConnect can remove nodes that have
gone offline from the request queue, and prevent new clients from
attempting to connect to an unavailable node. Also, SmartConnect can be
configured so new nodes are automatically added to the connection
balancing pool.

In Isilon OneFS 8.2, SmartConnect supports connection service for 252

nodes.

SmartConnect Architecture and Multiple Tiers

Architecture

You can configure SmartConnect into multiple zones to provide distinct

levels of service for distinct groups of clients.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 125

SmartConnect Foundations

For example, SmartConnect directs X-Attire users to F200 flash nodes for
their needed performance. GearItUp users access the H700 nodes for
general-purpose file sharing. The zones are transparent to the users and
can only be used with authorized access.

The SmartConnect Service IPs68 (SSIP or SIP) are addresses that are
part of the subnet.

Multiple Tiers

Each SmartConnect zone is managed as an independent SmartConnect

environment, and each zone can have different attributes. For
environments with different workloads, having different SmartConnect
zones provides flexibility in allocating cluster resources.

68 Do not put the SIPs in an address pool. The SIPs are a virtual IP within
the PowerScale configuration, it is not bound to any of the external
interfaces.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 126

SmartConnect Foundations

Use case69.

The graphic shows a variation of the X-Attire example.

Graphic scenario example70.

69 Clients use one DNS name to connect to the performance nodes and
another to connect to the general use nodes. The performance zone could
use CPU utilization as the basis for distributing client connections, while
the general use zone could use Round-robin.
70 The Marketing video group uses the F200 flash nodes. X-Attire uses a

subnet and/or pool that targets high-performance servers, giving the users
a higher level of performance. X-Attire can use a second subnet and/or
pool with a different zone name for general use, often desktops, without
the high-performance needs. Each group connects to a different name
and gets specific levels of performance. This way, whatever the desktop
users are doing, it does not affect the performance to the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 127

SmartConnect Foundations

Tip: On the PowerScale Networking hub, also see the

PowerScale: Network Design Considerations white paper
for host path examples.

Important: To configure SmartConnect, you must also

create records on the customer DNS servers. If the clients
use DNS for name resolution, configure the DNS server to
forward cluster name resolution requests to the
SmartConnect service.

SmartConnect Licensing

The table shows the differences between SmartConnect Basic included

with OneFS as a standard feature, and SmartConnect Advanced, which
requires an active license.

SmartConnect Basic (unlicensed) SmartConnect Advanced

(licensed)

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 128

SmartConnect Foundations

• Static IP allocation only • Static and dynamic IP allocation

• Multiple subnets • Multiple subnets
− Single pool per subnet − Multiple pools per subnet
− Single SC DNS zone per − Multiple SC zone names per
subnet subnet
• One balancing option: Round- • Four balancing options: Round-
robin robin, Connection count,
Throughput, and CPU usage
− Cannot specify an IP
address failover policy or − Can define an IP address
failover policy and rebalance
rebalance policy
policy
• Up to 2 SSIPs per subnet
• Up to 6 SSIPs per subnet

SmartConnect Advanced - IP Failover and Rebalance

Policies

The IP address failover policy specifies how to handle the IP addresses

that were assigned to a network interface when that interface becomes
unavailable.

The rebalance policy determines how IP addresses are redistributed when

a network interface for a given IP address pool becomes available after a
period of unavailability.

To define a failover or rebalance policy, you must have a license for

SmartConnect Advanced, and the IP address allocation policy must be set
to dynamic. The tables provide more SmartConnect balancing information.

Failover Policies

IP Failover Description Workload

Policy Characteristics

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 129

SmartConnect Foundations

Round- Selects the next available network • "General use or

robin interface on a rotating basis. This unsure"
is the default policy and available • "There are many
in SmartConnect basic. NFS, and SMB long
lived connections."
Connection Determines the number of open
count TCP connections on each
available network interface and
selects the interface with the
fewest client connections.

Throughput Determines the average • "Heavy constant

throughput on each available activity on a few
network interface and selects the clients"
interface with the lowest load. • "Many short lived
connections such as
CPU Determines the average CPU
HTTP, FTP"
Usage utilization on each available
network interface and selects the • "NFS Automount
interface with the lightest and/or UNC path
processor usage. are used"

Rebalance Policies

Rebalance Description
Policy

Manual IP address rebalancing must be manually triggered, and IP

Failback addresses will be redistributed according to the connection
balancing method.

Automatic IP addresses automatically rebalance according to the

Failback connection balancing method specified by the IP address
failover policy defined for the IP address pool.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 130

SmartConnect Foundations

SmartConnect Configuration Components

The SIPs, SmartConnect zone, and the DNS entries are the configuration
components for SmartConnect.

• SmartConnect service IPs

• IP addresses pulled out of subnet
• Never used in pool
• Interfaces with DNS server
• Two with standard license, maximum of six per subnet with
advanced license
• SmartConnect Zone name
• One name per pool
• Friendly name for users (seen as servers on the network)
• sales.isilon.xattire.com - \\sales
• mktg.isilon.xattire.com -\\mktg
• DNS

• Add DNS delegation record for SmartConnect Zone.

• Add A or AAAA record for the SmartConnect Service IPs.

Tip: On the PowerScale Networking hub, see the

PowerScale: Network Design Considerations white paper
regarding QoS implementation to deliver optimal client
success.

SmartConnect Configuration - Create SmartConnect

Zone Demonstration

This demonstration shows the initial network configuration for the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 131

SmartConnect Foundations

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays an older

version of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=4hL0i4iBe2BLqJzlT4dN/Q==&a
ttachments=true&autoplay=true

In this demonstration, we’ll go through the step for an initial configuration

of the cluster external network. The demonstration shows configuring
SmartConnect and a dedicated pool for an access zone.

First, login to the WebUI and navigate to the Cluster management,

Network configuration page. The External network tab is selected by
default. Note that groupnet0 and subnet0 is automatically created by
OneFS. On the subnet0 line, select View / Edit. There are no values for
SmartConnect. Select Edit. Go to the SmartConnect service IPs and enter
the range of SmartConnect IP addresses. OneFS versions prior to OneFS
8.2 do not allow you to enter a range of IP addresses. For this
demonstration we will be using a SmartConnect service name.

Select Save changes. The CLI equivalent to add the SmartConnect

service address is the isi network subnet modify command. Now
that SmartConnect is configured, we will configure the IP address pool for
the access zone. On the subnet0 line, click on the More dropdown and
select Add pool.

Enter the pool name and then select the access zone. For this
implementation the authentication providers and the access zones are
already created.

Next enter the range of IP address for this pool. Select the external node
interfaces that will carry the client traffic. The SmartConnect basic fully
qualified zone name is sales.dees.lab. We have the SmartConnect

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 132

SmartConnect Foundations

advanced license activated. Here is where we can configure the advanced

functions. For the demonstration, we will keep the default settings. Select
Add pool. The CLI equivalent to create a pool is the isi network pools
create command.

This demonstration showed the initial configuration of the network. This

concludes the demonstration.

SmartConnect Considerations

Listed are some areas to consider when discussing SmartConnect.

• DNS Integration:
− DNS primer
− DNS host record
− DNS Delegation best practices
− Cluster name resolution process example
• Never put SIP address in an IP address pool.
• Start with round-robin balancing then modify for workflow.
• DNS servers (not SmartConnect) handle the client DNS requests.
• Ensure that appropriate firewall ports are open.
• SyncIQ requires static allocation.
• Static pools are best used for stateful clients, and dynamic pools are
best for stateless clients.

Protocol Protocol Suggested zone type

NFSv3 Stateless Dynamic

NFSv4 Stateful Dynamic or Static

SMBv1 Stateful Dynamic or Static

SMBv2/SMBv2.1 Stateful

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 133

SmartConnect Foundations

SMBv3 Multi- Stateful

channel

FTP Stateful Static

SFTP / SSH Stateful Static

HDFS Stateful – See the Using

Protocol is Hadoop with OneFS
tolerant of Info Hub for content
failures related to Hadoop on
OneFS

S3 Stateless Dynamic

HTTP / HTTPS Stateless Static

SyncIQ Stateful Static required

• Time-to-live value71.

71 SmartConnect DNS delegation server answers DNS queries with a

time-to-live of 0 so that the answer is not cached. Not caching the answer
distributes the IP addresses successfully. Certain DNS servers, such as
Windows Server 2003, 2008, and 2012, fixes the value to one second.
Many clients requesting an address within the same second causes all of
them to receive the same address. In some situations, barriers to
deploying SmartConnect happen, in which case other means should be
specified in the solution design.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 134

SmartConnect Foundations

Tip: On the PowerScale Networking hub, see the

PowerScale: Network Design Considerations white paper
for more information about suggested protocol use.

Activity: SmartConnect

The web version of this content contains an interactive activity.

Challenge

1. Select the statements that are true about SmartConnect.

a. SmartConnect enables the cluster to appear as a single network
element to a client system.
b. SmartConnect distributes clients across the cluster to optimize
performance.
c. SmartConnect handles the DNS requests from the client for name
resolution.
d. Any number of SSIP can be configured when the SmartConnect
Advanced license is activated on the cluster.

Job Aid: SmartConnect

Just the Basics: Configure the SSIP and create SmartConnect zone. The
example creates two SSIPs on subnet0.
1. Configure the SSIP:
isi network subnets modify subnet0 --scservice-addr
192.168.1.211-192.168.1.212

2. Create the SmartConnect zone for the sales access zone.

SmartConnect zone uses ext-1 on nodes 1-6.
isi network pools create groupnet0.subnet0.sales --
access-zone sales --ifaces 1-6:ext-1 --ranges

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 135

SmartConnect Foundations

192.168.1.101-192.168.1.109 --sc-dns-zone
sales.delledu.lab

3. Verify the configuration:

isi network subnets list

Tip: sales.delledu.lab should be a delegated domain in

DNS. The PowerScale Administration lab content contains
more information on configuring SmartConnect with DNS.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 136

IP Address Pools

Scenario

After covering networking at the groupnet and subnet levels, it is now time
to examine IP address pools and then implement them on the cluster.

Determine the best allocation method and then configure IP address pools
and settings.

IP Address Pools

IP address pools are created within a subnet and consist of one or more
IP address ranges. IP address pools are allocated to external network
interfaces and associated with a node, a group of nodes, NIC ports or
aggregated ports.

The pools of IP address ranges in a subnet enables customizing how

users connect to your cluster.

• For example, based on the network traffic expected, admins can

decide to establish one IP address pool for storage nodes and another
for accelerator nodes.

An IP address pool must be unique, and either be IPv4 or IPv6 as

specified by the subnet that contains the pool.

Use case: Say that X-Attire adds four F800 nodes for a video media
group. X-Attire wants the video media team to connect directly to the F800

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 137

IP Address Pools

nodes to use various high I/O applications. The administrators can

separate the X-Attire connections. Access to the home directories connect
to the front end of the H500 nodes while the video media group accesses
the F800 nodes. This segmentation keeps the home directory users from
using bandwidth on the F800 nodes.

Link Aggregation

Configure for each node - cannot configure across nodes.72

Configure link aggregation, or NIC aggregation, on the pool.

Link aggregation provides improved network throughput and redundancy.

The network interfaces are added to an IP address pool one at a time or

as an aggregate.

72The aggregated NICs must reside on the same node. You cannot
aggregate a NIC from node 1 and a NIC from node 2.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 138

IP Address Pools

Link Aggregation Modes

The link aggregation mode73 determines how traffic is balanced and

routed among aggregated network interfaces.

OneFS supports dynamic and static aggregation modes.

LACP

Link Aggregation Control Protocol, or LACP, is a dynamic aggregation

mode that supports the IEEE 802.3ad.

Configure LACP at the switch level and on the node. Enables the node to
negotiate interface aggregation with the switch.

LACP mode is the default aggregation mode.

73The aggregation mode is selected on a per-pool basis and applies to all

aggregated network interfaces in the IP address pool.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 139

IP Address Pools

Round Robin

Static aggregation mode that rotates connections through the nodes in a

first-in, first-out sequence, handling all processes without priority.

Round robin balances outbound traffic across all active ports in the
aggregated link and accepts inbound traffic on any port.

Round robin is configured on the PowerScale cluster in OneFS.

Client requests are served one after the other based on their arrival.

Note: Round Robin is not recommended if the cluster is using TCP/IP

workloads.

Failover

Static aggregation mode that switches to the next active interface when
the primary interface becomes unavailable. The primary interface handles
traffic until there is an interruption in communication. At that point, one of
the secondary interfaces takes over the work of the primary.

Active/Passive failover is configured on the PowerScale cluster in OneFS.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 140

IP Address Pools

Loadbalance (FEC)

Typically used with older Cisco switches - LACP preferred in new

generation PowerScale nodes. In OneFS 8.2 and later, load-balance
replaces the FEC option

Fast Ethernet Channel, or FEC, is a static aggregation method.

Loadbalance accepts all incoming traffic and balances outgoing traffic

over aggregated interfaces that is based on hashed protocol header
information that includes source and destination addresses.

Link Aggregation Mapping

Logical network interface, or LNI, numbering corresponds to the physical

positioning of the NIC ports as found on the back of the node.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 141

IP Address Pools

Network interfaces that can be added to an IP address pool as an

aggregated interface are included when viewing a list of network
interfaces on a node. Aggregated LNIs are listed in the order in which they
are created. NIC names correspond to the network interface name as
shown in command-line interface, such as ifconfig and netstat.

Logical Network Aggregated LNI

Number (LNI)

ext-1 ext-agg = ext-1 + ext-2

ext-2

ext-1 ext-agg = ext-1 + ext-2

ext-2 ext-agg-2 = ext-3 + ext-4
ext-3 ext-agg-3 = ext-3 + ext-4 + ext-1 + ext-2
ext-4

ext-1 ext-agg = ext-1 + ext-2

ext-2 10gige-agg-1 = 10gige-1 + 10gige-2
10gige-1
10gige-2

40gige-1, 40gige-2 (or 40gige-agg-1 = 40gige-1 + 40gige-2 (or

100gige-1, 100gige-2) 100gige-1, 100gige-2)

Important: Number of logical network interfaces vary based

on node model.

IP Allocation Methods

The IP address allocation policy specifies how the IP addresses in the

pool are assigned to an available network interface.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 142

IP Address Pools

Administrators can choose an allocation method of either static or dynamic

when configuring IP address pools on the cluster.

Static

A static pool assigns one IP address to each network interface added to

the IP address pool but does not guarantee that all IP addresses are
assigned.

• Once assigned, the network interface keeps the IP address indefinitely,

even if the network interface becomes unavailable.
• To release the IP address, remove the network interface from the pool
or remove it from the node.
• If there are more IP addresses than network interfaces, new nodes
(node interfaces) added to the pool get the additional IP addresses74.

Static is the only method available for IP address allocation without a

license for SmartConnect Advanced.

74 An initial node provisioning rule called rule0 automatically assigns the

first network interface for all newly added nodes to pool0. Another
provisioning rule could apply if it was created.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 143

IP Address Pools

SmartConnect DNS Settings:

SC Suspended Nodes: -
SC Connect Policy:
round_robin
SC Zone:
SC DNS Zone Aliases: -
SC Subnet:
SC TTL: 0
boston-1#

CLI output showing static allocation

network settings.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 144

IP Address Pools

Dynamic

Dynamic IP allocation is only available with a license for SmartConnect

Advanced.

Assigns IP addresses to each network interface added to the IP address

pool until all IP addresses are assigned.

• This guarantees a response when clients connect to any IP address in

the pool.

Dynamic IP allocation ensures that all available IP addresses in the IP

address pool are assigned to member interfaces when the pool is created.

• If a network interface becomes unavailable, its IP addresses are

automatically moved to other available network interfaces in the pool
as determined by the IP address failover policy.

Dynamic IP allocation has the following advantages:

• Enables NFS failover, which provides continuous NFS service on a
cluster even if a node becomes unavailable.
• Provides high availability because the IP address is always available to
clients.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 145

IP Address Pools

SmartConnect DNS Settings:

SC Suspended Nodes: -
SC Connect Policy:
round_robin
SC Zone:
SC DNS Zone Aliases: -
SC Subnet: subnet0
SC TTL: 0
boston-1#

CLI output showing dynamic allocation

network settings.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 146

IP Address Pools

Static and Dynamic Pools

Characteristics of a static IP pool:

• Each interface in the pool gets exactly one IP (assuming enough IPs
as interfaces).
• Additional IPs will not be allocated to any interface.
• IPs do not move from one interface to another.
• If an interface goes down, then the IP also goes down.

Characteristics of a dynamic IP pool:

• Each IP in the pool is allocated to an interface in the pool.

• IPs automatically move to another interface in the pool if an interface
goes down.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 147

IP Address Pools

• IPs automatically move to another interface in the pool if a node

transitions to an ‘unhealthy’ state.
• IPs will automatically move back to that node when it transitions back
to a ‘healthy’ state, with rebalance policy set to ‘auto’ and IPs are
available.

Allocation Recommendations

It is recommended to select a static allocation method if your clients

connect through stateful protocols and a dynamic allocation method with
stateless protocols.

The table displays several common protocols and the recommended

allocation method:

File sharing Recommended

protocol allocation method

• SMB Static
• HTTP
• HDFS
• sFTP
• FTPS
• SyncIQ
• SmartSync

• NFSv3 Dynamic
• NFSv4
• S3

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 148

IP Address Pools

Tip: Enhanced functionality includes continuous availability

(CA) for SMBv3 enabling a client to dynamically move to
another node in the event the node they are connected goes
down. See the PowerScale OneFS Web Administration
Guide for details located on the PowerScale Info Hubs site.

IP Address Allocation Failover Video

The video is an example of how the advanced SmartConnect handles IP

failover.

Movie:

The web version of this content contains a movie.

Link:
https://edutube.dell.com/html5/videoPlayer.htm?vno=xANsUhfq
pmyDEdwlJZIBDQ

In this six node Isilon cluster, an IP address pool provides a single static
node IP 10.126.90.140 through 145, to an interface on each cluster node.
Another pool of dynamic IPS have been created and distributed across the
cluster. When node one goes offline, the static node IP for node one is no
longer available.

The NFS failover IPS and the connected clients associated with node 1
failover to the remaining nodes based on the IP failover policy. If a node
with client connections established goes offline. The behavior is protocol
specific. The practice for NFS V3 and NFS V4 clients is to set the IP
allocation method to dynamic. NFS V3 automatically reestablishes an IP
connection as part of the NFS Failover.

Although NFS V4 is stateful, onefs 8X versions and higher keep the

connection state information for NFS V4 and sync across multiple nodes.
In other words, if the IP address gets moved off an interface because that
interface went down, the TCP connection is reset. NFS V3 and NFS V4

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 149

IP Address Pools

reestablishes the connection with the IP on the new interface and retries
the last NFS operation.

However, SMB protocols are stateful, so when an IP is moved to an

interface on a different node, the connection is broken because the state
is lost. A best practice for all non NFS V3 and V4 connections is to set the
IP allocation method to static. Other protocols, such as SMB and HTTP
have mechanisms to help the client recover gracefully after a connection
is unexpectedly disconnected.

Activity: Link Aggregation

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: The authentication providers and access zones are

configured, now set up the SmartConnect zones and IP address pools.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 150

Identity Management Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 151

IP Address Pools

Identity Management Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 152

Role-Based Access Control

Scenario

The next topic covers administrative access. Several administrators in the

organization require management access, however, granting root access
to every admin is not secure or allowed by the business. The IT manager
asked that administrators be given management access to their areas on
the PowerScale cluster. Proper administration requires understanding how
to configure management access, using role-based access control, or
RBAC, and zone-based RBAC, or ZRBAC. Learn the integrated roles and
privileges, then configure RBAC on the system.

Overview

Role-based access control (RBAC) and Zone Role-based access control

(ZRBAC) administration supports granting users with privileges and the
ability to perform certain tasks.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 153

Role-Based Access Control

By using roles, the root and admin users can assign others to integrated
or custom roles that have login and administrative privileges to perform
specific administrative tasks.

A user who is assigned to more than one role has the combined privileges
of those roles.

In the example, user Penni is assigned as the Backup Administrator role

and is unable to view many of the privileges that user root can see.

Best Practice: Assign users to roles that contain the

minimum set of necessary privileges. For most purposes,
the default permission policy settings, system access zone,
and integrated roles are sufficient. Create role-based access
management policies as necessary for your particular
environment.

Roles

RBAC allows the right to perform particular administrative actions to be

granted to any user who can authenticate to a cluster.

OneFS includes integrated administrator roles with predefined sets of

privileges that the administrator cannot modify. The administrator can
create custom roles and assign privileges.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 154

Role-Based Access Control

Integrated Roles

OneFS includes several integrated roles75 and are configured with the
most likely privileges necessary to perform common administrative
functions.

Select each role to learn more.

• SecurityAdmin integrated role76
• SystemAdmin integrated role77
• AuditAdmin integrated role78
• BackupAdmin integrated role79
• VMwareAdmin integrated role80

Custom roles

Custom roles supplement integrated roles.

75 The predefined list of privileges assigned to each built-in role cannot be

modified. However, you can assign users and groups to built-in roles.
76 The SecurityAdmin integrated role enables security configuration on the

cluster, including authentication providers, local users and groups, and

role membership.
77 The SystemAdmin integrated role enables administration of all cluster

configuration that is not handled by the SecurityAdmin role.

78 The AuditAdmin integrated role enables you to view all system

configuration settings, therefore, privileges are granted as read.

79 The BackupAdmin integrated role enables backup and restore of files

from /ifs.
80 The VMwareAdmin integrated role enables remote administration of

storage necessary for VMware vCenter.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 155

Role-Based Access Control

You can create custom roles81 and assign privileges that are mapped to
administrative areas in your PowerScale cluster environment.

Zone Integrated Roles

With OneFS 8.2 and later, zRBAC enables the assigning of roles and a
subset of privileges that must be assigned on a per-access-zone basis.
Administrative tasks that the zone-aware privileges cover can be
delegated to an administrator of a specific access zone. Select each zone
integrated role to learn more.
• ZoneAdmin82
• ZoneSecurity Admin83
• BasicUserRole84

The following list describes what you can and cannot do through roles:
• Assign privileges to a role but not directly to users or groups.
− Data backup and restore privileges can be assigned to a user that
are explicitly for cluster data backup and restore actions.
• Create custom roles and assign privileges to those roles.

81 For example, create separate administrator roles for security, auditing,

storage provisioning, and backup.
82 Allows administration of configuration aspects that are related to the

current access zone.

83 Allows administration of security configuration aspects that are related

to the current access zone.

84 The BasicUserRole integrated role provides limited permissions

appropriate for APEX File Storage Services users.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 156

Role-Based Access Control

• Copy an existing role.

• Add any user or group of users, to one or more roles, provided the
users can authenticate to the cluster.

Role Creation Video

The video provides an overview of role creation.

Movie:

The web version of this content contains a movie.

Download the transcript from the player or see the student guide for a
transcript of the video.

Important: The video demonstration displays an older version

of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=tQkWrNubtdORFBHxoRlMAg=
=&attachments=true&autoplay=true

This demonstration shows the steps to configure role-based access

control or RBAC and zone-aware RBAC, or ZRBAC. To frame the
demonstration, I will use the scenario of two new members on the IT team.
I will assign the users with the minimum needed privileges to manage the
cluster for their job role.

Login as admin, a user that can assign privileges. Navigate to Access,

Membership and roles. On the Membership and roles page, note that the
access zone selected is System. Go to the Roles tab. Before moving on to
the configuration, note that OneFS has a number of built-in roles that
cover most access needs. There may be a need to define a custom role.
In these instances, you can select the Create a Role button. I will

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 157

Role-Based Access Control

demonstrate this in a moment. A great place to learn more about the

different privileges is the Isilon OneFS Web Administration Guide.

Hayden is the administrator I am adding to the AuditAdmin role. Select

View/Edit and then Edit the role. Next select Add a member to this role. In
the Providers choices, select Active Directory DEES.lab. Then select the
domain. Remember, you must join the cluster to the Active Directory
domain to view the users. Hayden is a member of the dees.lab domain.
Select Hayden. Notice that you can modify built-in roles by adding or
removing privileges. Save the changes.

The next example is to add a Windows administrator, Sai, to the sales

access zone. Adding Sai to a role specific to the access zone prevents
him from accidentally configuring Windows shares in other zones. In fact,
Sai will have no visibility into other zones. On the Roles tab, select the
sales access zone. Note the two built-in roles really do not provide the
level of access for Sai. Create a role. The role name is WinAdmin and add
a short description. Shown is the CLI command to create a zone role.
Remember OneFS version 8.2 introduces zone-aware roles.

Previous version CLI commands do not have the --zone option.

boston-2# isi auth roles create --zone sales WinAdmin.
Just as in the previous example, add a member to this role. Select the
provider and then the domain. Next Search and select Sai. Now add
privileges to the role. First, add the ability to log in to the WebUI. Next, add
the privilege to configure SMB. Give Read/write access to this privilege.
Now save the role. boston-2# isi auth roles modify WinAdmin
--zone sales --add-priv ISI_PRIV_LOGIN_PAPI --add-priv
ISI_PRIV_SMB –-add-user dees\\sai. Now verify the privileges of
the users.

Logout and then log in as Hayden, the AuditAdmin. The first indication is
the Access menu. Notice the options are missing. Navigating to Protocols,
Windows sharing, notice Hayden cannot create a share, only view. Also,
since added to a System zone role, Hayden can audit information in other
zones. System zone administrators are global.

Log out of the WebUI and login as Sai. You must login at an IP address or
netBios associated with the sales access zone. Viewing the Access
options, Sai does not have the privileges. Navigating to Protocols,

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 158

Role-Based Access Control

Windows sharing, notice Sai cannot switch to another access zone, but
can configure SMB shares. This demonstration stepped through
configuring RBAC and ZRBAC. This concludes the demonstration.

Role Management

Administrators can view, add, or remove members of any role, except for
integrated roles, whose privileges cannot be modified.

Admin user can add or remove OneFS privileges on a role-by-role basis.

View Roles

The table shows the CLI commands to view role information.

Command Description

isi auth roles list A basic list of all roles on the cluster

isi auth roles list - Detailed information about each role on the
-verbose cluster, including member and privileged list

isi auth roles view Detailed information about a single role,

<role> where <role> is the name of the role

View Privileges

User Privileges are performed through the CLI. The table shows the
commands that display a list of your privileges or of another user.

Command Description

isi auth privileges - View a list of privileges

-verbose

isi auth id View a list of your privileges

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 159

Role-Based Access Control

isi auth mapping View a list of privileges for another user,

token <user> where <user> is a placeholder for another
user by name

Create, modify, and delete a custom role

Create an empty custom role and then add users and privileges to the
role. Deleting a custom role does not affect the privileges or users that are
assigned to it.

The table shows the commands that are used to create, modify, and
delete a custom role.

Command Description

isi auth roles create To create a role, where <name> is the

<name> [--description name to assign to the role and
<string>] <string> specifies an optional
description

isi auth roles modify To add a user to the role, where

<role> [--add-user <role> is the name of the role and
<string>] <string> is the name of the user

isi auth roles modify To add a privilege with read/write

<role> [--add-priv access to the role, where <role> is the
<string>] name of the role and <string> is the
name of the privilege

isi auth roles modify To add a privilege with read-only

<role> [--add-priv-ro access to the role, where <role> is the
<string>] name of the role and <string> is the
name of the privilege

isi auth roles delete To delete a custom role, where

<name> <name> is the name of the role that
you want to delete

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 160

Role-Based Access Control

Go to: Dell Technologies PowerScale OneFS Info Hubs,

select the OneFS version, and see the OneFS CLI
Administration Guide and the OneFS CLI Command
Reference for complete CLI commands.

Privileges

Privileges permit users to complete tasks on a cluster. Administrators

cannot modify built-in roles. Privileges are associated with an area of
cluster administration such as Job Engine, SMB, Quotas, or statistics.
Privileges enable admins to control the actions that a user or role can
perform within a particular area of cluster administration.

ZRBAC provides flexibility for organization administrators to manage

resources according to their specific organization.

Important: The WebUI privileges names differ from the

names that are seen in the CLI.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 161

Role-Based Access Control

Go to: For a complete list of predefined privileges, see the

OneFS 9.5 CLI Administration Guide on the OneFS Info
Hub.

ZRBAC - ISI_PRIV_AUTH Privilege

The zone-based ISI_PRIV_AUTH privilege enables non-system zone

administrators to create and modify their zone authentication providers.

• Using the CLI, run the command isi auth privileges for a
complete list of all privileges.
• For a list of privileges for a specific zone, run the command isi auth
privileges --zone=sales

− The command output shows only privileges available for ZRBAC.

Output is abbreviated.
boston-1# isi auth privileges --zone=sales
ID Description
------------------------------------------------------
--------------------------------------
ISI_PRIV_LOGIN_PAPI Log in to Platform
API and WebUI
ISI_PRIV_LOGIN_PAPI_BYPASS_MFA Bypass MFA
requirements for API sessions
ISI_PRIV_AUTH Configure
identities, roles and authentication providers
ISI_PRIV_AUTH_PROVIDERS Configure Auth
providers
ISI_PRIV_AUTH_RULES User mapping
rules.
ISI_PRIV_ROLE Create new roles
and assign privileges
ISI_PRIV_AUDIT Configure audit
capabilities
...output shortened

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 162

Role-Based Access Control

------------------------------------------------------
--------------------------------------
Total: 51

Best Practices

When employing role-based access, consider the following:

• Perform an in-depth needs-based security review.

• Configure cluster administration from the System zone and zone
administration from the access zone.
• Assign users to roles that contain the minimum set of necessary
privileges.
• For most purposes, the default permission policy settings, system
access zone, and integrated roles are sufficient.
• Generate a fail-safe root account and distribute among a quorum of
responsible corporate officers.
• Exceeding 200 roles could impact cluster performance.
• SSH, FTP, and WebDAV access is only available from the System
access zone, non-System access zones use the WebUI, and PAPI.

Activity: RBAC-ZRBAC

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Go to the lab and create user accounts for RBAC and
ZRBAC.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 163

Role-Based Access Control

Job Aid: Role-Based Access Control

The Basics: Create an administrative user and assign the user to a role.
1. Create a local user in the System zone:
isi auth users create DivAdmin -enabled yes --set-
password --password-expires no

2. Add a user to a role:

isi auth roles modify SystemAdmin --add-user DivAdmin

The Basics: RBAC management commands:

• List the Active Directory users that can authenticate to the Sales
access zone:
isi auth users list --zone sales --domain
"delledu.lab"

• View the members and the privileges associated with a role:

isi auth roles view SystemAdmin

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 164

User Identity Mapping

Scenario

Before beginning to configure Windows shares, NFS exports, or S3

buckets, administrators must understand how OneFS manages identity.
The IT manager expects everyone to understand and implement identity
management, user tokens, mapping, and on-disk identity.

Layers of Access

Cluster connectivity has four layers of interaction. The third layer is identity
assignment. The layer is straightforward and based on the results of the
authentication layer.

There are some cases that need identity mediation within the cluster, or
where roles are assigned within the cluster that are based on user identity.

The focus of this topic is identity assignment.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 165

User Identity Mapping

Network and AIMA Hierarchy

The graphic shows how authentication, identity management, and

authorization, or AIMA, ties into the network hierarchy at different levels.

1. The user connects to a SmartConnect zone name, which is tied to a

subnet, and SSIP.
2. The SmartConnect zone name is mapped to an access zone85. The
access zone contains the authentication providers, user mapping, ID
mapping, and generates user tokens.
3. The access zone has a base directory where file permissions and user
identities on disk are applied.
4. Windows shares, NFS exports, and S3 buckets are created per access
zone.

85 Consisting of an IP address pool and node interface ports.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 166

User Identity Mapping

Link: See PowerScale OneFS Authentication, Identity

Management, and Authorization white paper for more
information.

Identity Management

Identity management is the process of associating memberships with a

user. Once the identity is confirmed, OneFS identifies the user and checks
for the access that the user has. Managing the identity takes place
through Active Directory or LDAP but could also be through the OneFS
local for file providers.

OneFS identity management maps users and groups, providing a single

unified identity on a cluster. OneFS identity management provides uniform
access control to files and directories, regardless of the incoming protocol.

Authentication providers and protocols are covered in other

topics.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 167

User Identity Mapping

1: Upon an authentication request, lsassd searches the configured

authentication sources for matches. If the identity is verified, OneFS
generates an internal access token used by the identity management
system. When a user attempts to access cluster resources, OneFS allows
or denies access based on matching the identity, user, and group
memberships to this same information on the file or folder.

2: The authentication providers use OneFS to first verify a user identity,

then users are authorized to access cluster resources. The top layers are
access protocols – NFS for UNIX clients, SMB for Windows clients, and
FTP and HTTP for all.

3: Between the protocols and the lower-level services providers, is the

OneFS lsassd daemon. lsassd mediates between the authentication
protocols that clients use, and the authentication providers, who check
their data repositories for user identity and file access.

Access Token Overview Video

The video describes the access token generation. See the student guide
for the video transcript or download from the player.

Movie:

The web version of this content contains a movie.

OneFS Tokens Overview

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 168

User Identity Mapping

URL:
https://edutube.dell.com/Player.aspx?vno=MmSHIH1OvcP5nHsi0hd51g==
&attachments=true&autoplay=true

When the cluster receives an authentication request, the lsassd searches

the configured authentication sources for matches to the incoming identity.
If the identity is verified OneFS generates an Access Token. Access
Token form basis of who you are when performing actions on the cluster.
Shown is the output of the users mapping token. The token supplies the
primary owner and group identities to use during file creation. For most
protocols the access token is generated from the user name or from the
authorization data that is received during authentication. Access tokens
are also compared against permissions on an object during authorization
checks. The access token includes all identity information for the session
OneFS exclusively uses the information in the token when determining if a
user has access to a particular resource.

Access Token Generation

During authentication, OneFS creates an access token for the user. The
token contains the full identity of the user, including group memberships,
and OneFS uses the token later to check access to directories and files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 169

User Identity Mapping

The following steps present a simplified overview of the detailed process

through which an access token is generated:

Steps Process

1. User identity The user is looked up in all configured

lookup authentication providers in the access zone, in the
order they are listed. The user identity and group
ID list are retrieved from the authenticating
provider. Additional group memberships that are
associated with the user and group list are looked
up for all other authentication providers. All these
SIDs, UIDs, or GIDs are added to the initial token.

2. ID mapping The user's identifiers are associated across

directory services. All SIDs are converted to their
equivalent UID/GID and vice versa. These ID
mappings are also added to the access token.

3. User mapping Access tokens from other directory services are

combined. If the username matches any user
mapping rules, the rules are processed in order
and the token is updated accordingly.

4. On-disk identity The default on-disk identity is calculated from the

calculation final token and the global setting. These identities
are used for newly created files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 170

User Identity Mapping

Primary Identities

OneFS supports three primary identity types, UIDs86, GIDs87, and SIDs88.

OneFS automatically allocates UIDs and GIDs from the range89 of

1,000,000 to 2,000,000. It is also important that the range from which
OneFS automatically allocates UIDs and GIDs does not overlap with any
other ID range.

Best Practice: Watch for ID overlap: If UIDs and GIDs

overlap multiple directory services, some users might gain
access to directories and files of other users.

86 The user identifier, or UID, is a 32-bit string that uniquely identifies users
on the cluster. UNIX-based systems use UIDs for identity management.
87 The group identifier, or GID, for UNIX serves the same purpose for

groups that UID does for users.

88 The security identifier, or SID, is a unique identifier that begins with the

domain identifier and ends with a 32-bit Relative Identifier (RID). Most
SIDs take the form S-1-5-21----, and are specific to a domain or system,
and denotes the object inside the domain. SID is the primary identifier for
users and groups in Active Directory.
89 A UID or GID is a 32-bit number with a maximum value of

4,294,967,295.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 171

User Identity Mapping

1: The user identifier, or UID, is a 32-bit string that uniquely identifies

users on the cluster. UNIX-based systems use UIDs for identity
management.

2: The security identifier, or SID, is a unique identifier that begins with the
domain identifier and ends with a 32-bit Relative Identifier (RID). Most
SIDs take the form S-1-5-21-<A>-<B>-<C>-<RID>, where <A>, <B>, and
<C> are specific to a domain or system, and <RID> denotes the object
inside the domain. SID is the primary identifier for users and groups in
Active Directory.

3: The group identifier, or GID, for UNIX serves the same purpose for
groups that UID does for users.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 172

User Identity Mapping

Secondary Identities

Secondary identifiers are names, such as usernames. Different systems

such as LDAP and Active Directory may not use the same naming
convention to create object names. There are many variations to entering
or displaying a name90.

1: Windows provides a single namespace for all objects that is not case-
sensitive, but specifies a prefix that targets the DEES Active Directory
domain. UNIX assumes unique case-sensitive namespaces for users and
groups. For example, Sera and sera can represent different objects.

90Windows provides a single, case-insensitive namespace for all objects

and specifies a prefix to target an Active Directory domain; for example,
domain\name.
UNIX assumes unique case-sensitive namespaces for users and groups.
For example, Name and name represent different objects.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 173

User Identity Mapping

2: Kerberos and NFSv4 define principals, which require names to be

formatted the same way as email addresses; for example,
[email protected].

Multiple Identities

When working in a multiprotocol environment, administrators must make

sure users have the same experience regardless of protocol access.

Multiple identity, or multiprotocol access, could include configuring

mapping to ensure user IDs correctly map to one another.

OneFS is RFC 2307 compliant and can be enabled to simplify user

mapping.

See the participant guide for information about mapping challenges and
considerations.

Mapping is done either through an external authentication provider or

through user-mapping rules on the cluster. Another factor to consider is
merging UIDs together on the cluster from different environments. Do not
put UIDs from different environments and their authentication providers in
the same access zone. When there are two identifiers for the same user,
build the user token with all appropriate IDs. The final challenge in a multi-
protocol environment is to appropriately apply the permissions. Verification
may require some testing and experimenting on the administrator's part to
fully understand what different permission settings mean when applied to
a user.

ID Mapper Database

User ID mapping provides a way to control permissions by specifying

security identifiers, user identifiers, and group identifiers.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 174

User Identity Mapping

1: The user mapper feature can apply rules to modify the user identity
OneFS uses, add supplemental user identities, and modify the group
membership of a user. The user mapping service combines user identities
from different directory services into a single access token. The mapping
service then modifies it according to any rules created.

2: OneFS uses the identifiers to check file or group ownership.

3: Mappings are stored in a cluster-distributed database that is called the

ID mapper. The ID provider builds the ID mapper using incoming source
and target identity type—UID, GID, or SID. Only authoritative sources are
used to build the ID mapper.

4: Each mapping is stored as a one-way relationship from source to

destination. If a mapping is created, or exists, it must map both ways. The
two-way mappings are presented as two complementary one-way
mappings in the database. When receiving an identity request, if a
mapping exists between the specified source and the requested type,
OneFS returns the mapping.

The command isi auth mapping list produces a list of the ID

mapping database. Show in the output, the column on the right delineates
which of the values are real or fake. 32 indicates the left is real; right is
fake. 48 indicates the right is real, left is fake. 128 and 144 indicate both
the left and right values are real.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 175

User Identity Mapping

On-Disk Identity

OneFS uses an on-disk identity store for a single identity for users and
groups.

On-disk identities enable administrators to choose storing UNIX or

Windows identity automatically or enables the system to determine the
correct identity to store.

Though OneFS creates a user token from information on other

management systems, OneFS stores an authoritative version of the
identity as the preferred on-disk identity.

On-Disk Identity Use Cases

On-disk identity types are Native, UNIX, and SID. Although you can
change the type of on-disk identity, the native identity is best for a network
with UNIX and Windows systems.

Almost all protocols require some level of mapping to operate correctly, so

choosing the preferred identity to store on disk is important. Configure
OneFS to store either the UNIX or the Windows identity, or you can allow
OneFS to determine the optimal identity to store.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 176

User Identity Mapping

In native on-disk identity mode, setting the UID as the on-disk identity
improves NFS performance.

The use case for the default Native setting is an environment that has
NFS and SMB client and application access. With the Native on-disk
identity set, lsassd attempts to locate the correct identity to store on disk
by running through each ID-mapping method. The preferred object to
store is a real UNIX identifier. OneFS uses a real UNIX identifier when
found. If a user or group does not have a real UNIX identifier (UID or GID),
OneFS stores the real SID. Click on the highlighted icon to learn more.

Resources

For further documentation, see the PowerScale Product page for product
information, labs, demos, blogs, etc.

See the OneFS Info Hubs for user guides, hardware and software
compatibility, and other technical information.

Challenge

Lab assignment: Go to the lab and configure the on-disk identity type for
the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 177

Authorization

Permissions Scenario

The last topic to complete before creating Windows shares, NFS exports,
and S3 buckets is how OneFS handles permissions to the files and
directories. The IT manager must confirm each administrator can
configure POSIX mode bits, Windows ACLs, and how OneFS handles
both types of permissions.

Permissions Overview

OneFS supports two types of permissions data on files and directories that
control who has access: Windows-style access control lists (ACLs) and
the POSIX mode bits of UNIX systems. The individual files and folders
that clients access over NFS or SMB can have UNIX permissions and
Windows ACLs assigned.

Data access with OneFS:

• Supports NFS and SMB protocols and accesses the same directories
and files with different clients.
• OneFS generates a synthetic ACL, which is a direct representation of
the POSIX bits in ACL form.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 178

Authorization

• Authoritative permissions are stored on disk.

• OneFS approximately maps ACLs and mode bits91 - no perfect one-to-
one mapping exists.

Important: Multi-protocol access is covered in greater detail

in the PowerScale Advanced Administration course.

Mixed data-access protocol environments

OneFS enables data access using multiple file-sharing and transfer

protocols. As a result, Microsoft Windows, UNIX, Linux, and macOS X
clients can share the same directories and files.

To handle cross-protocol file access, OneFS stores an internal

representation of the permissions of a file system object, such as a
directory or a file.

The internal representation, which can contain information from either the
POSIX mode bits or the ACLs, is based on RFC 3530 (NFS version 4).

Select each item for more information:

• State92

91 The internal representation of identities and permissions can contain

information from UNIX sources, Windows sources, or both. Because
access protocols can process the information from only one of these
sources, the system may need to make approximations to present the
information in a format the protocol can process.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 179

Authorization

• Synthetic ACLs93
• Authority94

92 A file can only be in one of the states at a time. That state is

authoritative. The actual permissions on the file are the same, regardless
of the state.
93 OneFS uses the internal representation to generate a synthetic ACL,

which approximates the mode bits of a UNIX file for an SMB client.
Because OneFS derives the synthetic ACL from mode bits, it can express
only as much permission information as mode bits can and not more.
94 OneFS must store an authoritative version of the original file

permissions for the file sharing protocol and map the authoritative
permissions for the other protocol. OneFS must do so while maintaining
the security settings for the file and meeting user expectations for access.
The result of the transformation preserves the intended security settings
on the files and ensures that users and applications continue to access
the files with the same behavior.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 180

Authorization

Deep Dive: See the PowerScale OneFS Authentication,

Identity Management, and Authorization white paper for
more details.

UNIX Permissions - POSIX Overview

In a UNIX environment, file and directory access is controlled by POSIX

mode bits, which grant read, write, or execute permissions to the owning
user, the owning group, and everyone else. OneFS supports the standard
UNIX tools for viewing and changing permissions, ls, chmod, and chown.

Set the permissions flags to grant permissions to each of these classes.

Assuming the user is not root, the class determines access to the
requested file.

1: User or owner permission

2: Group permissions

3: Others or everyone permissions

4: Configure permission flags to grant read (r), write (w), and execute (x)
permissions to users, groups, and others in the form of permission triplets.
The classes are not cumulative. OneFS uses the first class that matches.
Typically, grant permissions in decreasing order, giving the highest
permissions to the file owner and the lowest to users who are not the
owner or the owning group.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 181

Authorization

5: These permissions are saved in 16 bits, which are called mode bits.

6: The information in the upper 7 bits can also encode what the file can
do, although it has no bearing on file ownership. An example of such a
setting would be the “sticky bit.”

Important: OneFS does not support POSIX ACLs, which

are different from Windows ACLs.

POSIX in the WebUI

The graphic shows root user who is logged in and the /ifs/boston/hr
directory. Only root user can view and edit the owner and group of the
object.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 182

Authorization

To assign read, write, or execute permissions to the specified account

owner (user), group members (group), and anyone (other), select or clear
the mode bit boxes. To apply setting changes, click Save changes.

chmod Command

OneFS supports the standard UNIX tools for changing permissions:

chmod and chown. The change mode command, chmod, can change
permissions of files and directories. The man page for chmod documents
all options.

Changes that are made using chmod can affect Windows ACLs.

chown Command

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 183

Authorization

The chown command is used to change ownership of a file. Changing the

owner of a file requires root user access. The basic syntax for chown is
chown [-R] newowner filenames. Using the -R option changes the
ownership on the sub directories.

The chgrp command changes the group. View the man pages for
command definitions.

Windows ACLs Overview

In Windows environments, file and directory permissions, referred to as

access rights, are defined in access control lists (ACLs)95. Although ACLs

95A Windows ACL contains zero or more access control entries (ACEs),
each of which represents the security identifier (SID) of a user or a group
as a trustee. In OneFS, an ACL can contain ACEs with a UID, GID, or SID
as the trustee. Each ACE contains a set of rights that allow or deny
access to a file or folder.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 184

Authorization

are more complex than mode bits, ACLs can express much more granular
sets of access rules.

While you can apply permissions for individual users, Windows

administrators usually use groups to organize users, and then assign
permissions to groups instead of individual users.

Group memberships can cause a user to have several permissions to a

folder or file.

Windows includes many rights that you can assign individually, or you can
assign rights that are bundled together as permissions. For example, the
Read permission includes the rights to read and execute a file while the
Full Control permission assigns all user rights. Full Control includes the
right to change ownership and change the assigned permissions of a file
or folder.

When working with Windows, note the important rules that dictate the
behavior of Windows permissions. First, if a user has no permission that is
assigned in an ACL, then the user has no access to that file or folder.
Second, permissions can be explicitly assigned to a file or folder, and they
can be inherited from the parent folder. By default, when creating a file or
folder, it inherits the permissions of the parent folder. If moving a file or
folder, it retains the original permissions. On a Windows client, if the check
boxes in the Permissions dialog are not available, the permission are
inherited. You can explicitly assign permissions. Explicit permissions
override inherited permissions. The last rule to remember is that Deny
permissions take precedence over Allow permissions. However, an
explicit Allow permission overrides an inherited Deny permission.

ACL Permission Policy Settings

OneFS has configurable ACL policies that manage permissions.

Administrators can change the default ACL settings globally or
individually, to best support the environment. The global permissions
policies change the behavior of permissions on the system. For example,
selecting UNIX only changes the individual ACL policies to correspond
with the global setting. The permissions settings of the cluster are handled
uniformly across the entire cluster, rather than by each access zone.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 185

Authorization

The WebUI > Access > ACL policy settings page. Letter A-E in the WebUI
General ACL settings section translate in the CLI command output. Use
the "isi auth settings acls modify" command to configure the ACL settings.

1: Enables PowerScale cluster permissions to operate in a mixed UNIX

and Windows environment. Recommended for most PowerScale cluster
deployments.

2: Enables PowerScale cluster permissions to operate with UNIX

semantics, as opposed to Windows semantics. Enabling this option
prevents ACL creation on the system.

3: Enables PowerScale cluster permissions to operate with Windows

semantics, as opposed to UNIX semantics. System will return an error on
UNIX chmod requests.

4: Allows configuration of General ACL Settings and Advanced ACL

Settings options

Managing ACL Permissions

The output shows OneFS enhancements to the ls command.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 186

Authorization

1: The ls -le command shows actual permissions stored on disk and

ACL from security descriptor.

2: The ls -len command shows numerical (n) owner and group SID or
UID/GID.

3: The ls -lean shows hidden (a) directories.

4: The long format includes file mode, number of links, owner, group, MAC
label, number of bytes, abbreviated month, day file last modified, hour file
last modified, minute file last modified, and the path name.

OneFS takes advantage of standard UNIX commands and has enhanced

some commands for specific use with OneFS.

The list directory contents, ls, command provides file and directory
permissions information, when using an SSH session to the cluster.
PowerScale has added specific options to enable reporting on ACLs and
POSIX mode bits.

Tip: The ls command options are all designed for long

notation format, which is displayed when the -l option is
used. The -l option also displays the actual permissions
that are stored on disk.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 187

Authorization

Synthetic vs Advanced ACLs

A Windows client processes only ACLs, it does not process UNIX

permissions. When viewing the permission of a file from a Windows client,
OneFS must translate the UNIX permissions into an ACL.

Synthetic ACL is the name of the OneFS translation.

If a file has Windows-based ACLs (and not only UNIX permissions),

OneFS considers it to have advanced, or real ACLs96.

96 Advanced ACLs display a plus (+) sign when listed using an ls –l, or as
shown, the ls -led command. POSIX mode bits are present when a file has
a real ACL, however these bits are for protocol compatibility and are not
used for access checks.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 188

Authorization

Permission Authority Video

The video discusses authentication and authorization. See the student

guide for a transcript of the video or download from player.

Movie:

The web version of this content contains a movie.

Important: The video demonstration may display an older

version of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=EN8uMS3WuRwjY4Q0mIUaZw
==&attachments=true&autoplay=false

Let us begin with a look at authentication and authorization. Whereas

authentication is verifying a user identity, authorization grants users or
group permission to access files and directories. Authentication is logging
into a system using credentials. When logged in, authorization is what
gives the user different levels of access. As an analogy, an employee
badge with a security access code is proof as to who the individual is. The
badge grants access to the door to the corporate building, thus the user
has permission to enter. Share level permissions work similarly in that
users get access to the share before they can gain access to any of the
share directories. A user that has access to a directory (office) can then
access the files within the directory, providing permission to the file is
given.

Access to a folder on an Isilon cluster is determined through two sets of

permission entries: POSIX mode bits and Windows ACLs. The graphic
shows the /dvt folder and two shares that are created underneath it.
SMB access depends both of these permissions and when the share
permissions combine with file or directory permissions, OneFS enforces
the most restrictive set of permissions. For example, if a user has no write

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 189

Authorization

permission to the /dvt share then the user cannot write to the /linux
and /win directories or files within the directories.

Two options are available when creating a share, Do not change

existing permissions and Apply Windows default ACLs. Understand
the Apply Windows default ACLs settings. This setting can destroy or at
a minimum alter explicitly defined directory permissions that are created
on the share. For example, carefully migrated permissions can change,
creating more work and the potential of causing data unavailability. Files
and directories can be either POSIX authoritative or ACLs authoritative.

A synthetic ACL does not exist on the file system and is not stored
anywhere. Instead, OneFS generates a synthetic ACL as needed, and
then discards it. OneFS creates the synthetic ACL in memory when a
client that only understands ACLs, such as Windows clients, queries the
permissions on a file that only has POSIX permissions.

With synthetic ACLs, POSIX mode bits are authoritative. POSIX mode bits
handle permissions in UNIX environments and govern the synthetic ACLs.
Permissions are applied to users, groups, and everyone, and allow or
deny file and directory access as needed. The read, write, and execute
bits form the permissions triplets for users, groups, and everyone. The
mode bits can be modified using the WebUI or the CLI standard UNIX
tools such as chmod and chown. Since POSIX governs the synthetic
ACLs, changes made using chmod change the synthetic ACLs. For
example, running chmod 775 on the /ifs/dvt directory changes the mode
bits to read-write-execute for group, changing the synthetic ACL for the
group. The same behavior happens when making the access more
restrictive, for example, running chmod 755, changes the synthetic ACL to
its corresponding permission. The chmod behavior is different when ACLs
are authoritative.

In the example, the directory /ifs/dvt/win has a real ACL. The POSIX
mode bits are 775. Running chmod 755 does not change to the POSIX
mode bits since merging 775 with 755 gives the combined value of 775.
Shown is an excerpt from the Isilon cluster WebUI page that shows the
different behaviors.

The first example shows that the share permission is everyone read-only
although the POSIX indicates read-write-execute. Windows users can

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 190

Authorization

write to the share based on the synthetic ACLs. The second example
shows POSIX at 755. Although the ACL is set to a user with full control,
the user cannot write to the share—POSIX is authoritative.

The “+” indicates a real or native ACL that comes directly from Windows
and is applied to the file. Access control entries make up Windows ACLs.
An administrator can remove the real ACL permission using the chmod -
b command. ACLs are more complex than mode bits and can express a
richer set of access rules. However, not all POSIX mode bits can
represent Windows ACLs any more than Windows ACLs can represent
POSIX mode bits.

Once a file is given an ACL, its previous POSIX mode bits are no longer
enforced—the ACL is authoritative. The first example shows a real ACL
used, POSIX set for 777, and the share permissions for the user set to
read-only. Although the POSIX show read-write-execute for everyone, the
user cannot write because of the ACL. In contrast, the second example
shows the case where the user can write.

Resources

For further documentation, see the PowerScale Product page for product
information, labs, demos, blogs, etc.

See the OneFS Info Hubs for user guides, hardware and software
compatibility, and other technical information.

Activity: Authorization

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Log in to the cluster and verify the ACL policy setting.

 Permissions and ownership using the WebUI

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 191

Authorization

 Permissions and ownership using the CLI

 ACL authoritative
 ACL policy setting

Job Aid: Authorization

Just the Basics: Commands are run using in an SSH session on a node.
• Change authorization to allow full control of a POSIX authoritative file:
chmod 777 /ifs/divgen/base/file1.foo

• Change the owner of a file to the Active Directory administrator:

chown [email protected]
/ifs/divgen/base/file1.foo

• Give the Windows domain users group full control with inheritance on a
directory:
chmod +ai group 'delledu\domain users' allow
generic_all /ifs/divgen/base

• View the ownership, authority, and permissions of a directory:

ls -led /ifs/divgen/base

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 192

Client Access Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 193

Authorization

Client Access Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 194

OneFS Caching

Scenario

The IT manager is familiar with caching and how it is designed to improve

read and write performance. The manager wants an illustration of how
caching works in the PowerScale system and if there are any benefits
included.

OneFS Caching Overview and Levels

The OneFS caching infrastructure design is predicated on aggregating the

cache present on each node in a cluster into one globally accessible pool
of memory.97 This allows all the nodes memory cache to be available to
every node in the cluster.

Caching maintains a copy of the metadata98 and/or the user data blocks in
a location other than primary storage.

97 OneFS uses an efficient messaging system, similar to non-uniform

memory access (NUMA).
98 The copy is used to accelerate access to the data by placing the copy

on a medium with faster access than the drives.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 195

OneFS Caching

Cache Levels

OneFS uses up to three levels of read cache, plus an NVRAM-backed

write cache, or coalescer.

Both L1 cache and L2 cache are managed and maintained in RAM and
analogous to the cache used in processors (CPUs). These two cache
layers are present in all Dell PowerScale storage nodes. However, OneFS
is also capable of using SSDs as level 3, or L3 cache.

Each cache has its own specialized purpose and works together to
provide performance improvements across the entire cluster.

Name Type Persistence Description

L1 Cache RAM Volatile Also called front-end cache, holds

clean, cluster coherent copies of
file system data and metadata
blocks requested by clients over
the frontend network.

L2 Cache RAM Volatile Back-end cache, containing clean

copies of file system data and
metadata on a local node.

SmartCache NVRAM Non-volatile Persistent, battery backed

/ Write NVRAM journal cache which
Coalescer buffers any pending writes to
front-end files that have not been
committed to disk.

L3 Cache SSD Non-volatile Contains file data and metadata

blocks evicted from L2 cache,
effectively increasing L2 cache
capacity.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 196

OneFS Caching

L1 Cache

L1 cache is the client-side cache. L1 is the buffer on the node that the
client connects and is involved in any immediate client data transaction.

Following a successful read transaction, the data in L1 cache is flushed or

emptied to provide space for other transactions.

Client-side cache.

1: L1 cache allows all blocks for immediate read requests. Read cache is
flushed after a successful read transaction and write cache is flushed after
a successful write transaction. L1 cache collects the requested data from
the L2 cache of the nodes that contain the data.

L2 Cache

L2 cache is the storage side or node-side buffer. L2 cache stores blocks

from previous read and write transactions.

L2 buffers write transactions and L2 writes to disk and prefetches

anticipated blocks for read requests.

L2 cache works with the journaling process.

When full, flushes according to the age of the data.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 197

OneFS Caching

L2 cache.

1: L2 cache is also contained in the node RAM. It is fast and available to

serve L1 cache read requests and take data handoffs from the write
coalescer. L2 cache interacts with the data that is contained on the
specific node. The interactions between the drive subsystem, the HDDs,
and the SSDs on the node go through the L2 cache for all read and write
transactions.

2: Interacts with node drives and L3 cache.

L3 Cache

An optional third tier of read cache, called SmartFlash or Level 3 cache

(L3), is also configurable on nodes that contain solid state drives (SSDs).
SmartFlash (L3) is an eviction cache that is populated by L2 cache blocks
as they are aged out from memory.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 198

OneFS Caching

Requires one or more SSDs to function.

• L3 cache SSDs must be present and exclusively reserved and

configured for caching use99.
• L3 cache is enabled by default for new node pools.

Good for random, read heavy workflows accessing the same data sets.

L3 cache has no prefetch.

L3 cache.

1: Extension of L2 cache.

2: SSD access is slower than access to RAM and is relatively slower than
L2 cache but faster than access to data on HDDs. L3 cache is an
extension of the L2 read cache functionality. Because SSDs are larger
than RAM, SSDs can store more cached metadata and user data blocks

99Conversely, all-flash nodes do not need an L3 cache because all data

and metadata blocks already reside on SSDs.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 199

OneFS Caching

than RAM. When L3 cache becomes full and new metadata or user data
blocks are loaded into L3 cache, the oldest existing blocks are flushed
from L3 cache. Flushing is based on first in first out, or FIFO. L3 cache
should be filled with blocks being rotated as node use requires.

Important: H-Series and A-Series have two SSD slots in

each node. In H-Series nodes you have the option to enable
or disable L3 cache. In A-Series nodes, you cannot disable
L3 cache. In F-Series nodes, all disks are SSDs so the L3
cache option does not apply.

SmartCache

OneFS caching hierarchy.

OneFS includes a write-caching feature called SmartCache (also known

as the write coalescer), which is enabled by default for all files and
directories. Write caching accelerates the process of writing data to the

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 200

OneFS Caching

cluster. OneFS achieves this by batching up smaller write requests and

sending them to disk in bigger chunks, removing a significant amount of
disk writing latency.

When clients write to the cluster, OneFS uses write buffering to aggregate,
or coalesce, multiple write operations to the NVRAM file systems journals.
This data can then be written to disk safely and more efficiently, instead of
immediately writing to disk100. OneFS can then flush these cached writes
to disk at a later, more convenient time.

Important: It is recommended to keep write caching enabled

and enable write caching for all file pool policies.

OneFS Caching Big Picture

The graphic shows an eight-node cluster that is divided into two node
pools with a detailed view of one of the nodes.

Expanded view of node cache layers.

100Also, these writes are mirrored to participant nodes’ NVRAM journals to

satisfy the file’s protection requirement. If there is a cluster split or
unexpected node outage, uncommitted cached writes are fully protected.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 201

OneFS Caching

1: Clients connect to L1 cache and the write coalescer. The L1 cache is

connected to the L2 cache on the other nodes and within the same node.
The connection to other nodes occurs over the internal network when data
that is contained on those nodes is required for read or write.

2: The L2 cache on the node connects to the disk storage on the same
node. The L3 cache is connected to the L2 cache and serves as a read-
only buffer. The L2 cache on the node connects to the disk storage on the
same node.

3: L3 extension from L2.

4: L1 talks to L2 on all cluster nodes.

5: Backend network.

Anatomy of a Read

When a client requests a file, the client-connected node uses the isi
get command to determine where the blocks that make up the file are
located.

A file read operation on a 3-node cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 202

OneFS Caching

1: The first file inode is loaded, and the file blocks are read from disk on all
other nodes. If the data is not present in the L2 cache, data blocks are
copied into the L2. The blocks are sent from other nodes through the
backend network.

2: If the data is already present in L2 cache, it is not loaded from the hard
disks. OneFS waits for the data blocks from the other nodes to arrive.
Otherwise, the node gets the data load from the local hard disks.

3: Data blocks are reconstructed in L1, and then the file is sent to the
client.

Anatomy of an Asynchronous Write

When a client requests a file write to the cluster, the client-connected node
receives and processes the file.

The example explains how OneFS handles writes.

An asynchronous write operation

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 203

OneFS Caching

1: Writes are cached in the write coalescer, which is a portion of the RAM.
The write coalescer caches writes until becoming full, reaching a time
limit, or the client requests a confirmation that the blocks are committed to
stable storage.

2: The node then creates a write plan for the file, which includes
calculating Forward Error Correction, or FEC. Also, this node determines
where and how OneFS stores the file and corresponding metadata that
the file pool policy defines.

The write plan consists of a set of participant nodes that take part in
writing the chunk of data. Each participant node is responsible for
choosing the best place to locally put the data that it is sent.

3: OneFS writes data blocks assigned to the client-connected node to the

journal of that node. Also, OneFS copies the data blocks to the L2 read
cache in hopes of satisfying subsequent reads. The data stays cached in
L2 for future reads.

4: Data blocks assigned to other nodes travel through the internal network
to their L2 cache, and then to their journal.

Once all the nodes have the data and parity blocks journaled, confirmation
from all the nodes is sent to the client-connected node.

An acknowledgment is then returned to the client.

5: Once complete, OneFS runs this write plan and guarantees its
successful completion. OneFS writes data at the highest protection level

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 204

OneFS Caching

that is possible given the cluster configuration and the protection policy.
Data is written to storage drives.

L3 Cache Settings

L3 cache is enabled by default for all new node pools that are added to a
cluster.

L3 cache is either on or off and no other visible configuration settings are

available.

File system > Storage pools > SmartPools settings. Enabling and disabling L3 at the
global level and at the node pool level.

CLI Commands

The following commands are used to disable globally and to enable at the
node pool level.
• Global setting:
isi storagepool settings modify --ssd-13-cache-
default-enabled no

• Node Pool setting:

isi storagepool nodepools modify <pool name> --13 yes

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 205

OneFS Caching

L3 Cache Considerations

The following are the L3 cache considerations:

• L3 cache cannot co-exist with other SSD strategies101 on the same

node pool.
• SSDs in an L3 cache enabled node pool cannot participate as space
used for GNA.
• L3 acts as an extension of L2 cache regarding reads and writes102 on a
node.
• You cannot enable L3 cache in all-flash nodes103.
• L3 cache has a metadata only mode (as opposed to data and
metadata) to support archive-series storage nodes.
• Enabling L3 cache on an existing node pool with SSDs takes some
time104.
• Disabling L3 cache is a fast operation because no data needs to be
moved and drive reformatting can begin immediately.

101 Such as metadata read acceleration, metadata read/write acceleration,

and data on SSD.
102 The process of reading or writing, except for larger available cache, is

substantially unchanged.
103 On Gen6.5 and PowerScale nodes F200, F600, F810, and F900, all

data drives are SSDs.

104 Data and metadata on the SSDs must be evacuated to other drives

before the SSDs can be formatted for caching.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 206

OneFS Caching

Deep Dive: For more information on OneFS Caching, see

the PowerScale OneFS SmartFlash white paper.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 207

SMB Shares

SMB Scenario

Your Challenge: The IT manager has tasked the administrator to create a

share that the Windows users can access. To create a share, the admin
must know at a minimum:

 Share name
 Share path

SMB Overview, Protocols, and Options

OneFS includes a configurable SMB service to create and manage SMB

shares, allowing Microsoft Windows and MacOS X clients to access files
that are stored on the cluster. Admins can grant permissions to users and
groups to perform operations such as reading, writing, and setting access
permissions on SMB shares.

Protoocols

Enable the protocols intended for use for file sharing. Admins can
configure the OneFS cluster to use SMB or NFS exclusively, or both.
Administrators can also enable HTTP, FTP, and SSH, and configure
default shares and exports for each enabled protocol.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 208

SMB Shares

SMB Clients

OneFS supports the following SMB clients:

SMB Version Supported Operating Systems

3.0 - Windows 8 or later

Multichannel Windows Server 2012 or later
only105

2.1 Windows 7 or later

Windows Server 2008 R2 or
later

105 SMB Multichannel is a feature of the SMB 3.0 protocol and supports
establishing a single SMB session over multiple network connections.
Multichannel provides: 1 - Increased throughput. 2 - Connection failure
tolerance. 3 - Automatic discovery.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 209

SMB Shares

2.0 Windows Vista or later

Windows Server 2008 or later
Mac OS X 10.9 or later

1.0 Windows 2000 or later

Windows XP or later
Mac OS X 10.5 or later

SMB share management through MMC

OneFS supports the Shared Folders snap-in for the Microsoft

Management Console (MMC), which allows SMB shares on the cluster to
be managed using the MMC tool.

Admins can configure access zones and connect to a zone through the
MMC Shared Folders snap-in to directly manage all shares in that zone.

Establish a connection through the MMC Shared Folders snap-in to a

PowerScale node to perform SMB share management tasks:

• Create and delete shared folders

• Configure access permission to an SMB share
• View a list of active SMB sessions
• Close open SMB sessions

For MMC connection requirements, see the OneFS Web Admin Guide.

Important: Previous versions of OneFS show the Object

storage as Swift. Use the OneFS S3 protocol support
instead, as Swift will be removed from OneFS in a future
release. For more information using the isi swift
command to manage the Swift protocol, see the OneFS CLI
Administration Guide.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 210

SMB Shares

SMB Server-Side Copy

Server-side copy offloads copy operations to the server when the

involvement of the client is unnecessary.

File data no longer traverses the network for copy operations that the
server can perform.

The server-side copy feature is enabled by default. Administrators can

only disable or enable SMB server-side copy using the command line
interface (CLI).

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 211

SMB Shares

Important: In OneFS, server-side copy is incompatible with

the SMB CA. If CA is enabled for a share and the client
opens a persistent file handle, server-side copy is
automatically disabled for that file.

SMB Continuous Availability

OneFS contributes to data availability by supporting SMB3 Continuous

Availability, or CA, for Windows clients.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 212

SMB Shares

CA106 ensures that when a node failure occurs, or preventative

maintenance is performed, all in-flight reads and writes are handed off to
another node in the cluster. This node will then finish the operation without
any user or application interruption.

Enabling and Disabling SMB Service

The SMB server settings page contains the global settings that determine
how the SMB file sharing service operates.

These settings include enabling or disabling support for the SMB service.

The SMB service is disabled by default.

106Advanced algorithms are used to determine the metadata and user

data blocks that are cached in L3. L3 cached data is durable and survives
a node reboot without requiring repopulating.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 213

SMB Shares

A case107 for disabling the SMB service is when testing disaster readiness.

Share Creation Video

This video demonstrates the process of creating an SMB share, mapping

the share, and verifying access. See the student guide for a transcript of
the video or download from the player.

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays an older version

of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=aMwue+nqUbFdOFoqKa98Fg=
=&attachments=true&autoplay=false

This demonstration shows the steps to configure SMB shares. Log in to

the WebUI as admin. The dashboard shows all the cluster nodes are

107The organization fails over the production cluster or directory to a

remote site. When the remote data is available and users write to the
remote cluster, all SMB traffic should be halted on the production site.
Preventing writes on the production site prevents data loss when the
remote site is restored back to the production site.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 214

SMB Shares

healthy. The cluster is running OneFS 8.2. Navigate to Protocols,

Windows sharing. The SMB share will be in the marketing access zone.
Select Create an SMB share. The share I am creating is called “general
purpose”. I will add a description. The path /ifs/marketing/GeneralPurpose
does not exist so I will ensure it is created. This is a Windows only share
that did not previously exist so I will select Apply Windows default ACLs.
In the Members table I will give Everyone full control and then Create
share. The next step is to access the share from a Windows client. From
the Windows client, I will open Windows Explorer and map the share.
Good. Now as a simple test I am creating a text document. I will write
some content and save. And then I will open the document. This
demonstration stepped through configuring, mapping, and accessing an
SMB share.

Share Creation

Settings Section

Type the full path of the share in the path field, beginning with /ifs.

You can also browse to the share. If the directory does not exist, the
Create SMB share directory if it does not exist creates the required
directory.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 215

SMB Shares

Directory ACLs

Use caution when applying the default ACL settings as it may overwrite
existing permissions in cases where the data has been migrated onto the
cluster.

When a cluster is set up, the default permissions on /ifs may or may not
be appropriate for the permissions on your directories.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 216

SMB Shares

Summary108

Home Directory Provisioning

OneFS supports the automatic creation of SMB home directory paths for
users.

Using variable expansion, user home directories are automatically

provisioned.

Variables:
• %D109

108 1 - If adding a share to an existing directory structure, it is

recommended to not change the ACL. Select the Do not change existing
permissions. 2 - If creating a share for a new directory, it is recommended
to grant Windows users rights to perform operations. Set the Apply
Windows default ACLs and then once the share is created, go into the
Windows Security tab and assign permissions to users as needed.
109 NetBIOS domain name.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 217

SMB Shares

• %U110
• %Z111
• %L112

Member, File Filter, and Advanced Settings

If needed, administrators can apply the Members113 permissions.

Adjustments made to Advanced settings override the default settings for

this share only.

110 Username - for example, user_001

111 Zone name—for example, System.
112 Hostname of the cluster, normalized to lowercase.

113 The default permissions configuration is read-only access for the

Everyone account. Edit or Add member to enable users and groups to

write to the share.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 218

SMB Shares

You can make access zone global changes to the default values in the
Default share settings tab. Changing the default share settings is not
recommended.

The CLI equivalent commands are:

• isi smb shares create - Create a share

• isi smb shares modify - Edit a share
• isi smb shares list - view the current Windows shares on a
cluster.

The share name can contain up to 80 characters, and can only contain
alphanumeric characters, hyphens, and spaces. The description field
contains basic information about the share. There is a 255-character limit.
Description is optional but is helpful when managing multiple shares.

Example for directory ACLs: Say that /ifs/eng is a new directory that was
created using the CLI. Windows users can create and delete files in the
directory. When creating the share, if the Do not change existing
permissions is set and then users attempt to save files to the share, an
access denied occurs because Everyone has read access. Even as an
administrator you cannot modify the security tab of the directory to add
Windows users because the mode bits limit access to only Root.As an
example, /ifs/eng is and NFS export and you explicitly want the /ifs/eng

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 219

SMB Shares

mode bit rights set based on UNIX client application requirements.

Selecting the Apply Windows default ACLs option as shown in the graphic,
overwrites the original ACLs, which can break the application. Thus, there
is risk that is associated with using Apply Windows default ACLs with an
existing directory.

Example for home directories: To create a share that automatically

redirects users to their home directories, select the Allow variable
expansion box. To automatically create a directory for the user, check the
Auto-create directories box. You may also set the appropriate flags by
using the isi smb command in the command-line interface. In the
graphic, 1) set up user access to their home directory by mapping to
/ifs/finance/home. Users are automatically redirected to their home
directory /ifs/finance/home/. 2) Expansion variables are used to
automatically create a path where the users store the home directory files.
After the creation, users connecting to this share are automatically
redirected to their home directory according to the used path variables.
The access zone is implied, because all access for Active Directory is
done per access zone and each access zone has its own home directory
path.

Activity: SMB Shares

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Log in to the cluster and create home directories and a
general-purpose share.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 220

NFS Exports

Scenario

Now that Windows users can access the cluster with SMB
shares, it is time to configure access for the Linux users. Create
an export that the Linux users can access. Begin with getting
familiar with NFS, creating the export, mounting the export, and
verifying client access.

NFS Overview

For the NFS protocol, OneFS supports NFSv3, NFSv4, plus NFSv4.1/2 in
OneFS 9.3. Also, OneFS 9.2 and later include support for NFSv3 over
RDMA.

Exporting a directory enables accessing the data that is hosted on the

cluster.

NFS is disabled by default in the cluster.

Additional information on connectivity.

NFS Over RDMA

Remote Direct Memory Access (RDMA) is originated with InfiniBand and

evolved gradually on Ethernet network environment.

With NFSv3 over RDMA support, direct memory access between OneFS
and NFSv3 clients is available with consuming less client CPU resource.
Also, NFSv3oRDMA improves OneFS network performance with lower
latency, lower CPU load, and higher throughput.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 221

NFS Exports

Best Practice: The NFS service runs in user space and

distributes the load across all nodes in the cluster. This
process enables the service to be highly scalable and
support thousands of exports. Avoid creating a separate
export for each client on your network. It is more efficient to
create fewer exports, and to use access zones and user
mapping to control access.

NFS Client Availability

SmartConnect Advanced supports dynamic IP NFS failover and failback

for Linux and UNIX clients providing continuous access to data when
hardware or a network path fails.

Clients transparently fail over to another node when a network or node

fails.

All in-flight reads and writes are handed off to another node in the cluster
to finish its operation without any user or application interruption.

No manual intervention on the client side.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 222

NFS Exports

Best Practice: Dynamic failover is recommended for high

availability workloads on SmartConnect subnets that handle
traffic from NFS clients.

Enabling and Disabling NFS

If NFSv4 is enabled, specify the name for the NFSv4 domain in the NFSv4
domain field on the Zone setting page.

Administrators can customize the user/group mappings, the security types

(UNIX and/or Kerberos), and other advanced NFS settings.

The NFS global settings determine how the NFS file sharing service
operates. The settings include enabling or disabling support for different
versions of NFS. Enabling NFSv4 is nondisruptive, and it runs
concurrently with NFSv3. Enabling NFSv4 does not impact any existing
NFSv3 clients.

Configuration steps on the UNIX sharing (NFS) page have the

possibilities to reload the cached NFS exports configuration to ensure that
any DNS or NIS changes take effect immediately.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 223

NFS Exports

NFS Export Creation - Settings

Create and manage NFS exports using either the WebUI or the CLI.

For the CLI, use the isi nfs exports command.

Export per access zone.

A client can be identified by host name, IPv4 or IPv6 address, subnet, or

netgroup. Client fields:
• Clients - allowed access to the export

• Always read-write clients - allowed read/write access regardless of

export's access restriction setting
• Always read-only clients - allowed read-only access regardless of
export's access restriction setting
• Root clients - map as root

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 224

NFS Exports

OneFS can have multiple exports with different rules that apply the same
directory. A network hostname, an IP address, a subnet, or a netgroup
name can be used for reference. The same export settings and rules that
are created here apply to all the listed directory paths. If no clients are
listed in any entries, no client restrictions apply to attempted mounts.

When multiple exports are created for the same path, the more specific
rule takes precedence. For example, if the 192.168.3 subnet has read-
only access and 192.168.3.3 client has read/write access.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 225

NFS Exports

NFS Export Creation - Permissions

Permissions settings can restrict access to read-only and enable mount

access to subdirectories. Other export settings are user mappings.114

114The "root user mapping" default is to map root users to nobody, and
group is none. The default Security type is "UNIX (system)". Scrolling
down in the "Create an export" window shows the "Advanced settings".

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 226

NFS Exports

Best Practice: Leave the advanced settings as-is unless it

is necessary and there is a complete understanding of the
consequences of these changes. Uninformed changes
could result in operational failures. Adjustments made to
these settings override the default settings for this export
only.

NFSv3 and NFSv4 Differences

Select each feature to learn more.

Feature NFSv3 NFSv4

State115 Stateless Stateful

Permissions116 POSIX mode bits Supports Windows ACLs

Transport117 UDP/TCP TCP

115 NFSv3 is a stateless protocol. A client can be redirected to another

node, if configured, without interruption to the client. NFSv4.x is a stateful
protocol, the connection state between the client and the node is
maintained by OneFS to support NFSv4.x failover.
116 Because of the advances in the protocol specification, NFSv4 can use

Windows ACLs. NFSv4 mandates strong authentication, and can be used

with or without Kerberos.
117 NFSv4 drops support for UDP communications, and only uses TCP

because of the need for larger packet payloads than UDP supports. File

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 227

NFS Exports

Mount118 Exports mounted All exports mounted together as

separately part of pseudo file system

Locking119 File locking only - File and byte range locking - in

NLM NFS protocol

NFS Considerations

• For NFSv3 and NFSv4 continuous availability, clients should use

dynamic IP address pools.
• For NFS3 and NFS4, the maximum read and write sizes (rsize and
wsize) are 1 MB.
• The number of threads used by the OneFS NFS server is dynamically
allocated and auto-tuning and depends the amount of available RAM.
• As a conservative best practice, active NFS v3 or v4 connections
should be kept under 1,000, where possible.
• The recommended limit for NFS exports per cluster is 40,000. To
maximize performance, configure NFS exports for asynchronous
commit.

caching can be delegated to the client. The server can grant a read or
write file delegation to the clients, which enables the clients to
aggressively cache file data.
118 NFSv4.x servers present all the exported file systems within a single

hierarchy. The clients’ view of a pseudo-file system will be limited to paths

to which the clients has permission to access.
119 NFSv4.x integrates the file locking (NLM/NSM) and the mount protocol,

whereas NFSv3 relied on NLM for file locking.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 228

NFS Exports

− Use 100, 40, or 25 GbE whenever available.

− Where possible, use Jumbo frames (MTU 9000) to increase
network payload.
− Use SmartConnect load-balancing, typically with a round-robin
balancing policy.
− Consider using NFS netgroups for large, complex NFS
environments.

Deep Dive: For more information on implementing the NFS

service including key considerations and best practices, see
the PowerScale OneFS NFS Design Considerations and
Best Practices white paper.

Activity: NFS Exports

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Create the NFS directory, export the directory, and
mount it to the Centos client.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 229

S3 Buckets

Scenario

The IT manager learned that PowerScale can implement the AWS S3

protocol and is considering using the cluster to store and share their S3
content. The administrator is tasked with learning about AWS S3, how it
integrates with PowerScale, and then to create an S3 bucket.

S3 Overview

OneFS supports the Amazon Web Services Simple Storage Service 120
(AWS S3) protocol for reading data from and writing data to the OneFS
platform.

The S3-on-OneFS technology enables the usage of AWS S3 protocol to

store data in the form of objects on top of the OneFS file system storage.

120
AWS (S3) is an AWS service that provides object storage through a
web interface. OneFS 9.0.x and later support S3 as a tier 1 protocol.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 230

S3 Buckets

The S3 protocol supports bucket and object creation, retrieving, updating,

and deletion.

OneFS S3 value:

• Multi-protocol access121
• Multi-tenancy - access zone aware
• Latency and IOPs equivalent to other OneFS protocols
• The data resides under a single namespace

121The AWS S3 protocol becomes a primary resident of the OneFS

protocol stack, along with NFS, SMB, and HDFS. The technology allows
multiprotocol access to objects and files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 231

S3 Buckets

• Compatible with SmartSync122

• Interoperability with OneFS data services such as snapshots, WORM,
quotas, SyncIQ, and others

Implementation - Creating an S3 Bucket

Enable S3 Service

WebUI showing enabled service. By default, the service is disabled.

CLI command to change the port settings: isi s3 settings global

modify

122 OneFS Datamover (SmartSync) enables data transfer between

PowerScale clusters and S3 object stores (ECS, AWS) using the
Datamover transfer engine that is embedded in OneFS. Datamover
enables file-to-file transfers between PowerScale clusters using RPC and
file-to-object copy transfers to S3 (ECS, AWS) and Azure cloud systems.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 232

S3 Buckets

Zone Settings

Configure the root path.

CLI command to set the root path: isi s3 settings global modify

Object storage (S3) Page

Create buckets using the Object storage (S3) page or using the isi s3
buckets create command.

Create Bucket

WebUI example shows creating a bucket.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 233

S3 Buckets

CLI command to create the bucket and add ACL:

isi s3 buckets create bucket3

/ifs/engineering/bucket4 --create-path --owner root
--acls name=dees\\john,type=user,perm=READ --
zone=System

Complete Bucket Create

The graphic shows the Create a Bucket fields entry and the CLI
command to view an existing bucket.

S3 Bucket Table

The Buckets tab shows the created buckets in a list view.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 234

S3 Buckets

CLI command to list the buckets:

isi s3 buckets list

Key Management

A key must be created to authenticate the access. Key management from

the WebUI facilitates generation of secret keys and access ID. The
example shows key creation using the CLI.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 235

S3 Buckets

Accessing the S3 Bucket

The example shows using an Amazon S3 browser to connect to the

configured buckets on the PowerScale cluster.

Considerations

Listed are areas to consider:

• S3 uses its own method of authentication which relies on access keys
that are generated for the user.
• Users have only one access key ID. However, users may have at most
two secret keys when the old key has an expiry date set.
• 16 TB object size limitation
• Use SyncIQ to replicate S3 buckets
• Use SmartPools to tier S3 buckets
• Use SnapshotIQ to version S3 buckets

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 236

S3 Buckets

Best Practices and Resources

• The S3 protocol allows you to upload a large file as multiple parts

rather than as a single request.
• Use multiple network ports for network resiliency.
• Use ranged GETs to benefit small I/O performance.
• For more information on OneFS S3 implementation see the
PowerScale OneFS S3 Overview and the PowerScale: OneFS S3
API Guide, located on the Dell PowerScale Protocols page.

Services

• /var/log/s3.log for general errors.

• /var/log/lwsmd.log for problems with service mgmt such as
service startup issues.
• CELOG - logs service start failure, user identity query failure, SBT
bucket ID Invalid, and SBT full.
• SRS data includes buckets, log-level, global settings, zone settings,
and components of the service registry.
• You can use isi statistics and isi performance for S3
metrics.

Challenge

Lab Assignment: Log in to the cluster and create an S3 bucket. Add

objects to the bucket and access the data over SMB.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 237

HDFS

Hadoop Introduction

The Hadoop Distributed File System (HDFS) protocol enables a cluster to

work with Apache Hadoop, a framework for data-intensive distributed
applications.

In a typical enterprise environment, Hadoop analyzes existing data to

improve processes and performance depending on the business model.

Click to view the entire HDFS topic.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 238

Data Protection Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 239

HDFS

Data Protection Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 240

File Striping

Scenario

The IT manager wants to know about the process of striping and how the
operating system stripes a file. Describe in detail how files are broken up
for file stripes with diagrams for high-level file striping steps.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 241

File Striping

Introduction to File Striping

OneFS protects files as the data is being written. Striping protects the
cluster data and improves performance. To understand OneFS data
protection, the first step is grasping the concept of data and forward error
correction or FEC stripes.

• File Stripes - files are logically segmented into 128 KB stripe units to
calculate protection.
• FEC stripe unit - FEC stripe unit is the calculated piece of data
protection.
• Data stripe units(DSU) + FEC stripe units = Stripe width. In the
graphic, the stripe width is 12 (six DSU [1 MB file data] + 2 FEC).
• 16 data stripe units + 4 FEC = Maximum Stripe width of 20.
• 16 data stripe units = 2 MB. Files larger than 128 KB will have more
than one data stripe units.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 242

File Striping

Data and FEC Stripe Units

The data stripe units and protection stripe units are calculated for each file
stripe by the Block Allocation Manager (BAM) process123.

F200 example with +1n protection.

1: A file is divided into 128 KB data stripes unit.

2: The protection is calculated based on the requested protection level for

each file stripe using the data stripe units that are assigned to that file
stripe.

3: The combined 128 KB stripe units are called the Stripe Width. A single
file stripe width can contain up to 16, 128 KB data stripe units for a
maximum size of 2 MB as the files data portion. A large file has thousands
of file stripes per file that is distributed across the node pool.

123The BAM process calculates 128 KB FEC stripe units to meet the
protection level for each file stripe. The higher the protection level, the
more FEC stripes units are calculated.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 243

File Striping

4: Each data stripe unit consists of sixteen 8 K blocks.

16 X 8 K = 128 KB

File Striping Steps

The steps show a simple example of the write process. The client saves a
file to the node that it is connected to. The file is divided into data stripe
units. The data stripe units are assembled into the maximum stripe widths
for the file. FEC stripe units are calculated to meet the Requested
Protection level. Then the DSU and FEC stripe units are striped across
nodes.

Step 1

OneFS stripes the data stripe units and FEC stripe units across the nodes
that make up the node pool. Some protection schemes124 use more than
one drive per node.

124 OneFS uses advanced data layout algorithms to determine data layout
for maximum efficiency and performance. Data is evenly distributed
across nodes in the node pool as it is written. The system can
continuously reallocate where the data is stored and make storage space
more usable and efficient. Depending on the file size and the stripe width,
as the cluster size increases, the system stores large files more efficiently.
Every disk within each node is assigned both a unique GUID (global
unique identifier) and logical drive number. The disks are subdivided into
32-MB cylinder groups that are composed of 8-KB blocks. Each cylinder
group is responsible for tracking, using a bitmap, whether its blocks are
used for data, inodes or other metadata constructs. The combination of

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 244

File Striping

Graphic shows Gen6 cluster with a simple example of the write process.

Step 2

If the file is greater than 128 KB, then the file is divided into data stripe
units.

node number, logical drive number, and block offset make the block or
inode address, which the Block Allocation Manager controls.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 245

File Striping

Step 3

The node that the client connects to is the node that performs the FEC
calculation.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 246

File Striping

Step 4

The data stripe units are assembled to maximum stripe width for the file.
Also, here the protection level that is configured is N+1n125.

Step 5

Depending on the write pattern, the data and FEC stripes might be written
to one drive per node or two drives per node. The important take away is
that files segment into stripes of data, FEC is calculated, and this data
distributes across the cluster.

125 one disk per node/one FEC

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 247

File Striping

Considerations: File Striping

Listed are areas to consider when discussing file striping.

• The maximum of 16 data stripe units per file stripe means that the
maximum file portion in a file stripe is 2 MB (16 x 128 KB).
• If a file does not fill the 128 KB stripe unit, the stripe unit is not padded
(the extra capacity is usable by the cluster).
• Files less than 128 KB are mirrored - not erasure coded. For example,
a 100 KB file with 2d:1n protection has a 3x mirror.
• The file size and protection level determine the capacity efficiency.
• At 80% capacity consumption, the organization should begin the
process of adding more nodes to prevent the cluster from going
beyond 90%. Do not exceed 90% capacity consumption.

Challenge

1. Arrange the file striping steps in the correct order.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 248

File Striping

5 Data and FEC units are striped across nodes.

4 The stripe width is assembled.
2 Connected node divides the file into data stripe units.
3 Connected node calculates FEC stripe units.
1 Client connects to a node and saves the files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 249

Data Protection

Scenario

The IT manager wants to understand all the intricacies of data protection.

Describe data protection levels in OneFS, define stripes and stripe units,
elaborate on how data protection works and how it is configured.

OneFS Data Protection

Data protection is one of the variables that are used to determine how
data is laid out. OneFS is designed to withstand multiple simultaneous
component failures while still affording access to the entire file system and
dataset.
• OneFS uses the Reed-Solomon algorithm
• The data can be protected up to an N+4n scheme.
• In OneFS, protection is calculated per individual file.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 250

Data Protection

Important: Files smaller than 128 KB are treated as small

files. Due to how OneFS applies protection, small files are
mirrored.

Data Protection Improvements

In Gen6 nodes, data protection and efficiency focus on:

• Mirrored Journal
• Smaller neighborhood126

In Gen6.5 nodes, the journal is stored on an NVDIMM127 that is battery

protected.

126 Smaller neighborhoods improve efficiency by the fact that the fewer
devices you have within a neighborhood, the less chance that multiple
devices will simultaneously fail.
127 The F200, F600, and F900 use a 16 GB NVDIMM for the journal. The

NVDIMM battery protects the journal in an unexpected power loss

situation and enables vault operations. The vault operation saves contents
from DRAM to NVDIMM flash, and a restore process moves contents from
NVDIMM back to DRAM during BIOS initialization on power-up.
isi_hwmon monitors NVDIMM and the NVDIMM battery. If the NVDIMM
battery cannot support a vault operation, the node becomes read-only.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 251

Data Protection

Data Protection Terms

N+Mn

N+Mn is the primary protection level in OneFS.

• N128
• M129
• Mn130
• N+Mn131

128 The “N” is the number of data stripes.

129 The M value represents the number of simultaneous tolerable drive
failures on separate nodes without data loss. It also represents the
number of FEC stripe units per protection stripe.
130 The “Mn” is the number of simultaneous drive or node failures that can

be tolerated without data loss.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 252

Data Protection

• N=M132
• N>M133

The number of sustainable drive failures are per disk pool. Multiple drive
failures on a single node are equivalent to a single node failure. The drive
loss protection level is applied per disk pool.

Protection Drive Node Minimum Node Maximum

Level Failures failures Pool Size Stripe Width

N+1n 1 1 3 nodes -(2 data + 17-(16 data +

1 FEC) 1 FEC)

N+2n 2 2 5 nodes -(3 data + 18 -(16 data

2 FEC) + 2 FEC)

N+3n 3 3 7 nodes -(4 data + 19 -(16 data

3 FEC) + 3 FEC)

N+4n 4 4 9 nodes -(5 data + 20 - (16 data

4 FEC) + 4 FEC)

131 The available N+Mn Requested Protection levels are plus one, two,
three, or four “n” (+1n, +2n, +3n, and +4n). With N+Mn protection, only
one stripe unit is written to a single drive on the node.
132 If N equals M, the protection overhead is 50 percent. For example, with

N+2n, a file size 256 KB has a 50% protection overhead (256 KB = 2

stripe units).
133 N must be greater than M to gain efficiency from the data protection. If

N is less than M, the protection results in a level of FEC calculated

mirroring.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 253

Data Protection

N+Md: Bn Protection

The “d” is the number of drives and “n” is the number of nodes. So
N+3d:1n reads as N+3 drives or one node.

Unlike N+Mn, N+Md: Bn has different values for the number of drive loss
and node losses that are tolerated before data loss may occur. When a
node loss occurs, multiple stripe units are unavailable from each
protection stripe, and the tolerable drive loss limit is reached.
• M134
• d135
• Colon (:)136
• B137
• n138

134 In this protection level, M is the number of drives per node onto which a
stripe unit is written.
135 The number of drives.

136 The: (colon) represents an “or” conjunction.

137 The B value represents the number of tolerated node losses without

data loss.
138 “n” is the number of nodes.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 254

Data Protection

With Gen 6x, for better reliability, better efficiency, and simplified
protection, using +2d:1n, +3d:1n1d, or +4d:2n is recommended.

Minimum number of nodes in a node pool.139

Actual Protection Nomenclature

The Actual protection is represented differently than requested protection.

The table shows the representation for the requested protection and the
actual protection.

N is replaced in the actual protection with the number of data stripe units
for each protection stripe. If there is no / in the output, it implies a single
drive per node. Mirrored file protection is represented as 2x to 8x in the
output.

139Remember that Gen 6 requires a minimum of 4 nodes of the same

type, so where the minimum number of nodes of three is indicated, for
Gen 6 this is four. Gen 6.5 requires a minimum of 3 nodes of the same
type.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 255

Data Protection

The graphic shows the output showing Actual protection on a file from the isi get
command. The output displays the number of data stripe units plus the number of FEC
stripe units that are divided by the number of disks per node the stripe is written to.

Overhead Protection levels

The protection overhead for each protection level depends on the file size
and the number of nodes in the cluster. The percentage of protection
overhead declines as the cluster gets larger. In general, N+1n protection
has a protection overhead equal to the capacity of one node, N+2n to the
capacity of two nodes, N+3n to the capacity of three nodes, and so on.

Data mirroring requires significant storage overhead and may not always
be the best data-protection method. Example140

140If you enable 3x mirroring, the specified content is explicitly duplicated

three times on the cluster; depending on the amount of content being
mirrored, this can require a significant amount of capacity.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 256

Data Protection

The table shows the relative protection overhead associated with each FEC requested
protection level. Indicators include when the FEC protection would result in mirroring.

MTTDL

MTTDL deals with how long you can go without losing data. MTTDL is
used to calculate the OneFS suggested protection.
• Accommodate failures141
• Disk pools142
• MTBF143

141 Because there are so many disk drives in a large PowerScale

installation, it is common for a drive to be down at one time or another.
Where other systems try to harden against failures, PowerScale
accommodates them. OneFS expects that any device could fail at any
point in time.
142 Disk pools improve MTTDL because they create more failure domains,

improving the statistical likelihood of tolerating failures over the lifetime of

the equipment.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 257

Data Protection

Quorum

For the cluster to properly function and accept

data writes, a quorum of nodes must be active
and responding.

• Greater than 50% available144

• No quorum - no writes145
• Protection level to minimum number of
nodes146

143 Mean Time Before Failure (MTBF) refers to individual component

failure. PowerScale subscribes to the "all devices do fail" philosophy
(MTTDL), whereas MTBF is a single-component view of reliability. MTTDL
is a better measure of what customers care about.
144 For a quorum, more than half the nodes must be available over the

internal, backend network to allow writes. An eight-node Gen 6 cluster, for

example, requires a five-node quorum.
145 If there is no node quorum, reads may occur, depending upon where

the data lies on the cluster but for the safety of new data, no new
information will be written to the cluster. So, if a cluster loses its quorum,
the OneFS file system becomes read-only and will allow clients to access
data but not to write to the cluster.
146 Each protection level requires a minimum number of nodes. For

example, N+2d:1n needs a minimum of four Gen 6 nodes. Why? You can
lose one node and still have three nodes up and running, greater than
50%. You must keep quorum to keep the cluster writable.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 258

Data Protection

N+2n vs. N+2d:1n Data Protection

There are six data stripe units to write a 768 KB file. The desired
protection includes the ability to sustain the loss of two hard drives.

1: Using N+2n protection, the 768-KB file will be placed into three
separate data stripes, each with two protection stripe units. Six protection
stripe units are required to deliver the requested protection level for the six
data stripe units. The protection overhead is 50 percent.

2: Using N+2d:1n protection the same 768-KB file requires one data
stripe, two drives wide per node and only two protection stripe units. The
eight stripe units are written to two different drives per node. The
protection overhead is the same as the eight node cluster at 25 percent.

3: If there is a eight node cluster, two FEC stripe units would be calculated
on the six data stripe units using an N+2n protection level. The protection
overhead in this case is 25 percent.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 259

Data Protection

Mirrored Data Protection

Mirroring is used to protect the file metadata and some system files that
exist under /ifs in hidden directories. Mirroring can be explicitly147 set as
the requested protection level in all available locations.

Use Case148

147 Mirroring is set as the actual protection on a file even though another
requested protection level is specified under certain conditions. If the files
are small, the FEC protection for the file results in a mirroring. The loss
protection requirements of the requested protection determine the number
of mirrored copies. Mirroring is also used if the node pool is not large
enough to support the requested protection level. For example, five nodes
in a node pool with N+3n Requested Protection, saves the file at 4X mirror
level, the actual protection.
148 One particular use case is where the system is used to only store small

files. A file of 128 KB or less is considered a small file. Some workflows

store millions of 1 KB to 4-KB files. Explicitly setting the requested
protection to mirroring can save fractions of a second per file and reduce
the write ingest time for the files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 260

Data Protection

FEC Protection - Single Drive Per Node

Single Drive per Node

Some protection schemes use a single drive per node per protection
stripe. The graphic shows only a single data stripe unit, or a single FEC
stripe unit is written to each node. These protection levels are N+Mn.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 261

Data Protection

Example: N+Mn Protection Stripe

The table shows each requested N+Mn Requested Protection level over
the minimum number of required nodes for each level. The data stripe
units and protection stripe units149 can be placed on any node pool and in
any order.

+ 1n + 2n +3n +4n N+Mn Level

Data Data Data Data Node 1

Data Data Data Data Node 2

FEC Data Data Data Node 3

FEC Data Data Node 4

FEC FEC Data Node 5

FEC FEC Node 6

FEC FEC Node 7

FEC Node 8

149 The number of data stripe units depends on the size of the file and the
size of the node pool up to the maximum stripe width. N+1n has one FEC
stripe unit per protection stripe, N+2n has two, N+3n has three, and N+4n
has four. N+2n and N+3n are the two most widely used Requested
Protection levels for larger node pools, node pools with around 15 nodes
or more. The ability to sustain both drive or node loss drives the use when
possible.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 262

Data Protection

FEC Node 9

The number of data stripe units depends on the size of the file and the
size of the node pool up to the maximum stripe width. As illustrated, N+1n
has one FEC stripe unit per protection stripe, N+2n has two, N+3n has
three, and N+4n has four. N+2n and N+3n are the two most widely used
Requested Protection levels for larger node pools, node pools with around
15 nodes or more. The ability to sustain both drive or node loss drives the
use when possible.

FEC Protection - Multiple Drives Per Node

Multiple Drives per Node

N+M:B or N+Md:Bn protection schemes use multiple drives per node.

The multiple drives contain parts of the same protection stripe. Multiple
data stripe units and FEC stripe units are placed on a separate drive on
each node.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 263

Data Protection

The graphic shows an example of a 1 MB file with a Requested Protection of +2d:1n.

Four stripe units, either data or protection stripe units are placed on separate drives in
each node. Two drives on different nodes per disk pool can simultaneously be lost or a
single node without the risk of data loss.

N+Md: Bn Protection Levels

One stripe with multiple stripe units per node.

Protection Level Drives Node Failures Maximum Stripe

Failures Width

N+2d:1n 2 1 18 - (16 data + 2

FEC)

N+3d:1n 3 1 19 - (16 data + 3

FEC)

N+4d:1n 4 1 20 - (16 data + 4

FEC)

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 264

Data Protection

FEC Protection - Advanced

Advanced Protection

In addition to N+Md:Bn, there are two advanced150 forms of Requested

Protection. The benefit to the advanced N+Md:Bn protection levels are
they provide a higher level of node loss protection. Besides the drive loss
protection, the node loss protection is increased.

Protection Level Drive failures Other failures Maximum Data

Stripe Width

N+3d:1n1d 3 1 node + 1 18 - (15 data + 3

drive FEC)

N+4d:2n 4 2 nodes 20 - (16 data + 4

FEC)

150The available Requested Protection levels N+3d:1n1d and N+4d:2n.

N+3d:1n1d includes three FEC stripe units per protection stripe, and
provides protection for three simultaneous drive losses, or one node and
one drive loss. The higher protection provides the extra safety during data
rebuilds that are associated with the larger drive sizes of 4 TB and 6 TB.
The maximum number of data stripe units is 15 and not 16 when using
N+3d:1n1d Requested Protection. N+4d:2n includes four FEC stripe units
per stripe, and provides protection for four simultaneous drive losses, or
two simultaneous node failures.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 265

Data Protection

Example: Advanced N+Mn: Bn Protection Stripe

The table shows examples of the advanced N+Md:Bnprotection

schemes151. Two drives per node per protection stripe. The number of
FEC stripe units does not equal the number of drives that are used for the
protection stripe. Even if one node is lost, there is still a greater level of
protection available.

N+Md:Bn Node Node Node Node Node Node Drive

Level 1 2 3 4 5 6

+3d:1n1d Data Data FEC Data Data Data 1

3 FEC Data FEC Data FEC Data Data 2
stripe units,
2 Drive per
Node

+4d:2n Data Data FEC Data FEC Data 1

4 FEC Data FEC Data FEC Data Data 2
stripe units,
2 Drives
per Node

151Like other protection levels, the data stripe units and FEC stripe units
are placed on any node in the node pool and on any drive. N+3d:1n1d is
the minimum protection for node pools containing 6-TB drives. The use of
N+4d:2n is expected to increase especially for smaller to middle sized
node pools as larger drives are introduced.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 266

Data Protection

Protection Overhead

The protection overhead for each protection level depends on the file size
and the number of nodes in the cluster. The percentage of protection
overhead declines as the node pool gets larger.

• N+1n152
• N+2n153
• N+3n154
• Data Mirroring155

For better reliability, better efficiency, and simplified protection, use

N+2d:1n, N+3d:1n1d, or N+4d:2n, as indicated with a red box.

152 N+1n protection has a protection overhead equal to the capacity of one
node.
153 N+2n protection has a protection overhead equal to the capacity two

nodes.
154 N+3n is equal to the capacity of three nodes, and so on. OneFS also

supports optional data mirroring from 2x-8x, enabling from two to eight
mirrors of the specified content.
155 Data mirroring requires significant storage overhead and may not

always be the best data-protection method. For example, if you enable 3x

mirroring, the specified content is explicitly duplicated three times on the
cluster. Depending on the amount of content being mirrored, the mirrors
can require a significant amount of capacity.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 267

Data Protection

The table shows the relative protection overhead that is associated with each FEC
requested protection level available in OneFS. Indicators include when the FEC
protection would result in mirroring.

Considerations

As the cluster scales, the default protection may need adjusting. You may
not want to apply a higher protection to the entire cluster. Although you get
better protection, it is less efficient. Listed are areas to consider.

• The suggested protection feature is enabled on new clusters.156

• Higher protection levels impact utilization for small files.
• As protection increases, performance decreases.157
• Large158 archive clusters (20+ nodes) often require N+3.

156 On cluster upgrades, the feature is disabled by default.

157 Because the system is doing more work to calculate and stripe the

protection data – impact is approximately linear.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 268

Data Protection

• Set requested protection to mirroring or use SFSE for workflows with

small159 files.
• Gen 6 recommends N+2d:1n or N+3d:1n1d protection.
• Protect critical datasets160 with different policies.

Challenge

Lab Assignment: Review the data protection levels:

• Node pool protection levels

• Directory level protection
• File level protection

158 Other clusters work well with N+2 or N+2d:1n.

159 Some workflows store millions of 1 KB to 4 KB files.
160 The customer may want to protect some repositories at a higher level

than the cluster default.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 269

Protection Management

Scenario

The IT Manager wants to differentiate suggested, requested, and actual

protection. Explain the editing of file pool and node pool protection policies
and discuss the editing of file and directory level protection.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 270

Protection Management

Data Protection Types

1: Requested Protection is what is configured, it determines the amount of

redundant data on the cluster.

2: Mirrored protection copies data to multiple locations, it can have 2 to 8

mirrors.

3: Suggested is the protection OneFS recommends and cannot be

modified.

4: Actual is the level of protection OneFS applies to data. It can be more

than requested protection but never less.

Requested Protection

Requested Protection configuration is available at multiple levels. Each

level is used to control protection for specific reasons. A requested
protection level is assigned to every node pool. In OneFS, you set the
requested protection at the directory or individual file level. Management

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 271

Protection Management

of the requested protection levels is available using the WebUI, CLI, or

PAPI.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 272

Protection Management

Requested Protection Settings

Cluster-wide settings

The cluster-wide default data protection setting is made using the default
file pool161 policy.

To view or edit the default setting, go to File system > Storage pools >
File pool policies, and click View / Edit on the Default policy.

isi file pool policy modify finance --set-requested-

protection +3:1, sets the requested protection for the file pool policy
at +3d:1n.

161The View default policy details window displays the current default file
pool policy settings. The current protection is displayed under requested
protection. The default setting is to use the requested protection setting at
the node pool level as highlighted in the Edit default policy details window.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 273

Protection Management

Node pool settings

The default file pool policy protection setting uses the node pool or tier
setting. When a node pool is created, the default requested protection162
that is applied to the node pool is +2d:1n.

The current requested protection for each node pool is displayed in the
Tiers and node pools section.

162The minimum requested protection for an archive-series node pool is

+3d:1n1d. To meet the minimum, modify the archive-series node pool
requested protection.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 274

Protection Management

To view and edit the requested protection setting for the node pools in the WebUI, go to
the File system > Storage pools > SmartPools page. isi storagepool
nodepools modify v200_25gb_2gb --protection-policy +2n, sets the
requested protection of a node pool to +2n.

Directory and file settings

OneFS stores the properties for each file. To view the files and the next
level subdirectories, click the specific directory.

Manual settings163

163 Manual settings can be used to modify the protection on specific

directories or files. The settings can be changed at the directory,

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 275

Protection Management

Manual settings use case164

subdirectory, and file level. Best practices recommend against using

manual settings, because manual settings can return unexpected results
and create management issues as the data and cluster age. Once
manually set, reset the settings to default to use automated file pool policy
settings, or continue as manually managed settings. Manual settings
override file pool policy automated changes. Manually configuring is only
recommended for unique use cases. Manual changes are made using the
WebUI File system explorer or the CLI isi set command.
164 The isi set -p 4x -A on /ifs/finance/data use case for setting a directory

requested protection is that the /ifs/finance/data directory requires a 4x

mirror whereas all other node pool directories use the +2d:1n node pool
setting.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 276

Protection Management

To view directories and files on the cluster, go to File System > File system explorer.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 277

Protection Management

Use Case - Node Pool or Directory Requested

Protection

The graphic shows a workflow that moves data to an archive tier of storage.

SmartPools file pool policies automate data management including

applying requested protection settings to directories and files, the storage
pool location, and the I/O optimization settings.

• Archive tier on an A300 node pool

• File pool policy moves data from production H700 node pool to archive
pool
• Protection on production node pool is higher than protection of archive
node pool
• You can set Requested protection settings at the node pool level or at
the directory level

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 278

Protection Management

Suggested Protection

Suggested protection refers to the visual status and CELOG event

notification when node pools are set below the calculated suggested
protection level.

Suggested protection is important when monitoring the risk of data loss.

Caution: It is recommended that you do not specify a

setting below suggested protection. OneFS periodically
checks the protection level on the cluster and alerts you if
data falls below the recommended protection.

Not using the suggested protection does not mean that data loss occurs,
but it does indicate that the data is at risk. Avoid anything that puts data at
risk. What commonly occurs is a node pool starts small and then grows
beyond the configured requested protection level. The once adequate
+2d:1n requested protection level becomes no longer appropriate but is
never modified to meet the increased protection rrequirements. Not using
the suggested protection does not mean that data loss occurs, but it does
indicate that the data is at risk. Avoid anything that puts data at risk. What
commonly occurs is a node pool starts small and then grows beyond the
configured requested protection level.

The once adequate +2d:1n requested protection level becomes no longer

appropriate but is never modified to meet the increased protection
requirements. Not using the suggested protection does not mean that data

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 279

Protection Management

loss occurs, but it does indicate that the data is at risk. Avoid anything that
puts data at risk. What commonly occurs is a node pool starts small and
then grows beyond the configured requested protection level. The once
adequate +2d:1n requested protection level becomes no longer
appropriate but is never modified to meet the increased protection
requirements.

Suggested Protection Status

The Suggested protection feature provides a method to monitor and notify

users when the requested protection setting is different than the
suggested protection for a node pool.

The notification shows the suggested setting and node pools that are within suggested
protection levels are not displayed.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 280

Protection Management

Actual Protection

The actual protection165 applied to a file depends on the requested

protection level, the size of the file, and the number of node pool nodes.

The rules are:

• Actual protection must meet or exceed the requested protection level.

• Actual protection may change in the interests of efficiency. Case 1166
• Actual protection depends upon file size. Case 2167
• Both cases168

The chart indicates the actual protection that is applied to a file according
to the number of nodes in the node pool. If actual protection does not
match the requested protection level, it may change to be more efficient
given the file or number of nodes in the node pool.

165 The actual protection level is the protection level OneFS sets. Actual
protection is not necessarily the same as the requested protection level.
166 A requested protection of +2d:1n and there is a 2-MB file and a node

pool of at least 18 nodes, the file is laid out as +2n.

167 A 128-KB file is protected using 3x mirroring, because at that file size

the FEC calculation results in mirroring.

168 In both cases, the actual protection applied to the file exceeds the

minimum drive loss protection of two drives and node loss protection of
one node. The exception to meeting the minimum requested protection is
if the node pool is too small and unable to support the requested
protection minimums. For example, a node pool with four nodes and set to
+4n requested protection. The maximum supported protection is 4x
mirroring in this scenario.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 281

Protection Management

Actual Protection Representation

The actual protection is represented differently than requested protection.

The graphic shows the output showing actual protection on a file from the
isi get command.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 282

Protection Management

Tip: COAL in the output shows if write-coalescing is enabled.

Enabled169 is recommended for optimal write performance.

169 With asynchronous writes, OneFS buffers writes in memory. However,

if you want to disable this buffering, you should configure the applications
to use synchronous writes. If that is not possible, disable write-coalescing,
also known as SmartCache.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 283

Protection Management

isi get

The isi get command provides detailed file or directory information.

The primary options are –d <path> for directory settings and –DD
<path>/<filename> for individual file settings.

The graphic shows the isi get –DD output. The output has three
primary locations containing file protection. The locations are a summary
in the header, line item detail settings in the body, and detailed per stripe
layout per drive at the bottom.

Challenge

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 284

Protection Management

Lab Assignment: Configure the data protection levels at a node pool,

directory, and file level.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 285

Data Layout

Scenario

Now, examine how OneFS lays out the data on disks. The IT manager
wants to understand the data layout. Describe the different data access
pattern, illustrate an access pattern using concurrency and streaming.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 286

Data Layout

Data Layout Overview

1: The number of nodes in a node pool affects the data layout because
data spreads across all nodes in the pool. The number of nodes in a node
pool determines how wide the stripe can be.

2: The nomenclature for the protection level is N+Mn, where N is the

number of data stripe units and Mn is the protection level. The protection
level also affects data layout. You can change the protection level down to
the file level, and the protection level of that file changes how it stripes
across the cluster.

3: The file size also affects data layout because the system employs
different layout options for larger files than for smaller files to maximize
efficiency and performance. Files smaller than 128 KB are treated as
small files. Due to the way that OneFS applies protection, small files are
triple mirrored.

4: The access pattern modifies both prefetching and data layout settings
that are associated with the node pool. Disk access pattern can be set at a
file or directory level so you are not restricted to using only one pattern for
the whole cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 287

Data Layout

There are four variables that combine to determine how OneFS lays out
data.

The variables make the possible outcomes almost unlimited when trying to
understand how the cluster behaves with varying workflow with differing
variables.

You can manually define some aspects of how it determines what is best,
but the process is automated.

Data Access Patterns

You can tune how files are accessed to better suit the workflows. The data
access pattern defines the optimization settings for accessing data.

1: Concurrency is the default data access pattern. It is used to optimize

workflows with many concurrent users accessing the same files. The
preference is that each protection stripe for a file is placed on the same
drive or drives depending on the requested protection level. For example,
a large file with 20 protection stripes, each stripe unit from each protection
stripe would prefer placement on the same drive in each node.
Concurrency influences the prefetch caching algorithm to prefetch and
cache a reasonable amount of anticipated data during a read access.

2: Use Streaming for large streaming workflow data such as movie or

audio files. Streaming prefers to use as many drives as possible, within

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 288

Data Layout

the given pool, when writing multiple protection stripes for a file. Each file
is written to the same subpool within the node pool. Streaming maximizes
the number of active drives per node as the streaming data is retrieved.
Streaming also influences the prefetch caching algorithm to be highly
aggressive and gather all associated data possible.

3: A random access pattern prefers using a single drive per node for all
protection stripes for a file, like a concurrency access pattern. With
random however, the prefetch caching request is minimal. Most random
data does not benefit from prefetching data into cache.

Access Pattern Example: Streaming with 1 MB File

A 1 MB file is divided into eight data stripe units and three FEC units. The
data is laid out in three stripes. With a streaming access pattern, more
spindles are preferred. 1 MB file split into eight stripe unit and three stripes
- streaming uses spindles.

The graphic is a representation of a Gen6 chassis with four nodes. Each node has five
drive sleds. Each drive sled has three disks. The disk that is used is in the same
neighborhood (orange), do not traverse to disks in the other neighborhoods (gray).

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 289

Data Layout

Access Pattern Example: Concurrency with 1-MB File

A 1 MB file is divided into eight data stripe units and three FEC units. The
data is laid out in three stripes, one drive wide.

The graphic is a representation of a Gen6 chassis with four nodes. Each node has five
drive sleds. Each drive sled has three disks. The orange disk represents a neighborhood.

Tip: For more examples of data layout using concurrency,

see here.

Data Layout Management

Configuring the data access pattern is done on the file pool policy, or
manually at the directory and file level. Set data access patterns using the
WebUI or use isi set for directory and file level or isi file pool
policy for file pool policy level.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 290

Data Layout

For WebUI Administration, go to File systems > Storage pools > File pool policies.

Challenge

1. Match the data access pattern with its description.

A. Random C Prefetch caching algorithm is

highly aggressive and gathers all
associated data possible.

B. Concurrent A Prefetch catching algorithm

gathers minimal amount of data.

C. Streaming B Prefetch caching algorithm

gathers reasonable amount of
anticipated data during read
access.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 291

Storage Pools Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 292

Data Layout

Storage Pools Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 293

Storage Pools

Scenario

Before configuring the file policies and tiering data, the IT manager wants
to know about the components of storage pools. Give a thorough
explanation that includes all the important details.

Storage Pools Overview

Storage pools are an abstraction layer that encompasses disk pools,

neighborhoods, node pools, and tiers.

Storage pools monitor the health and status at the node pool level. Using
storage pools, multiple node pools can all co-exist within a single file
system, with a single point of management.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 294

Storage Pools

Storage Pool Anatomy

Storage pools differ between Gen6 nodes and PowerScale F200/600/900

nodes.

Gen6 drive sleds have three, four, or six drives170 whereas the F200 has 4
drive bays F600 has 8 drive bays and F900 has 24 drive bays.

170 Drives are segmented into disk pools, creating a failure domain.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 295

Storage Pools

Storage Pool Components

Exploring the building blocks and features of storage pools helps

understand the underlying structure when moving data between tiers. The
storage pool components, SmartPools, File Pools ,and CloudPools are
covered in detail in other topics.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 296

Storage Pools

Disk Pool

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 297

Storage Pools

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 298

Storage Pools

Disk pools are a subset of disks within a neighborhood.

Disk pools provide separate failure domains. Each drive within the sled is
in a different disk pool, lessening the chance for data unavailability.

Data protection stripes or mirrors do not span171 disk pools.

171Not spanning disk pools the granularity at which files are striped to the
cluster. Disk pool configuration is automatic and cannot be configured
manually. Removing a sled does not cause data unavailability as only one
disk per disk pool is temporarily lost.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 299

Storage Pools

Neighborhood

Neighborhoods are a group of disk pools and can span from 4 up to 19

nodes for Gen6 nodes. Nodes have a single neighborhood from 1-to-19
nodes. Neighborhoods are automatically assigned and not configurable.

Subpool/Neighborhood F200/600/900 Gen6

Ideal number of nodes 20 nodes 10 nodes

Max number of nodes 39 nodes 19 nodes

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 300

Storage Pools

Node pool splits at node number 40 20

Gen6 Neighborhood

A Gen6 node pool splits into two neighborhoods when adding the 20th
node172. One node from each node pair moves into a separate
neighborhood.

Though a chassis-wide failure is highly unlikely, OneFS takes precautions

against chassis failure once a cluster is large enough. Nodes sharing a
chassis are split across fault domains, or neighborhoods, to reduce the
number of node failures occurring within one fault domain. The split is
done automatically.

172After the 20th node up to the 39th node, no two disks in a given drive
sled slot of a node pair share a neighborhood. The neighborhoods split
again when the node pool reaches 40 nodes.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 301

Storage Pools

Gen6 Chassis Failure

The graphic shows a 40 node cluster used to illustrate a chassis failure.

Once the 40th node is added, the cluster splits into four neighborhoods,
labeled NH 1 through NH 4.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 302

Storage Pools

Node Pool

A node pool is a group of similar or identical nodes. A node pool is the

lowest granularity of storage space that users manage.

OneFS can group multiple node pools with similar performance

characteristics into a single tier with the licensed version of SmartPools.

Creating multiple tiers in a cluster can meet the business requirements

and optimize storage usage.

The maximum number of like nodes in a node pool is 252.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 303

Storage Pools

SmartPools

SmartPools is a licensable software module that provides basic features in

an unlicensed state and advanced features when licensed.

SmartPools Basic173

SmartPools Advanced174

File Pools

File pools are the SmartPools logical layer, at which file pool policies are
applied.

173 The basic version of SmartPools supports virtual hot spares, enabling
space reservation in a node pool for re-protection of data. OneFS
implements SmartPools basic by default. You can create multiple node
pools, but only a single tier and only a single file pool. A single tier has
only one file pool policy that applies the same protection level and I/O
optimization settings to all files and folders in the cluster.
174 More advanced features are available in SmartPools with a license.

With the advanced features you can create multiple tiers and file pool
policies that direct specific files and directories to a specific node pool or a
specific tier.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 304

Storage Pools

File pool policies provide a single point of management to meet

performance, requested protection level, space, cost, and other
requirements.

User created, and defined policies are set on the file pools.

CloudPools

CloudPools is an extension of the SmartPools tiering capabilities in the

OneFS operating system. The policy engine seamlessly optimizes data
placement that is transparent to users and applications.

Moving the cold archival data to the cloud, lowers storage cost and
optimizes storage resources.

CloudPools offers the flexibility of another tier of storage that is off-

premise and off-cluster.

CloudPools eliminates management complexity and enables a flexible

choice of cloud providers.

Node Loss: A loss of a node does not automatically start reprotecting

data. Many times a node loss is temporary, such as a reboot. If N+1 data
protection is configured on a cluster, and one node fails, the data is
accessible from every other node in the cluster. If the node comes back
online, the node rejoins the cluster automatically without requiring a
rebuild. If the node is physically removed, it must also be smartfailed. Only
Smartfail nodes when needing to remove from the cluster permanently.

Storage Pool CLI

The graphic shows the isi storagepool settings view command

with user-configured settings highlighted.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 305

Storage Pools

Serviceability

Listed are the CLI options that can help get information about storage
pools.

• To view the storage pool status and details

• isi storagepool list
• To view the health of storage pools

• isi status -p

Challenge

Lab Assignment: Go to the lab and verify the storage pool settings.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 306

File Pools

Scenario

The media team needs their storage on disks that do not compete with the
other disks. Provide information on segregating data into different node
pools.

File Pool Policies Overview

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 307

File Pools

File pool policies automate file movement, enabling users to identify and
move logical groups of files.
• User-defined filters175
• File-based, not hardware-based176
• User-defined or default protection and policy settings177

The example shows that each policy has a different optimization and
protection level. A file that meets the policy criteria for tier 3 is stored in the
tier 3 node pool with +3d:1n1d protection. Also, the file is optimized for
streaming access.

Default File Pool Policy

The default file pool policy is defined under the default policy.

Select each information icon for setting details.

175 Files and directories are selected using filters and apply actions to files
matching the filter settings. The policies are used to change the storage
pool location, requested protection settings, and I/O optimization settings.
176 Each file is managed independent of the hardware, and is controlled

through the OneFS operating system.

177 Settings are based on the user-defined and default storage pool

policies. File pool policies add the capability to modify the settings at any
time, for any file or directory.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 308

File Pools

1: The individual settings in the default file pool policy apply to files not
defined in another file pool policy that you create. Default file pool policy
cannot be reordered or removed.

2: To modify the default file pool policy, click File system, click Storage
pools, and then click the File pool policies tab. On the File pool
policies page, next to the Default policy, click View/Edit.

3: You can choose to have the data that applies to the Default policy
target a specific node pool or tier or go anywhere. Without a license, you
cannot change the anywhere target. If existing file pool policies direct
data to a specific storage pool, do not configure other file pool policies with
anywhere.

4: The SSD strategy for the Default policy can be defined.

5: You can specify a node pool or tier for snapshots. The snapshots can
follow the data, or go to a different storage location.

6: Assign the default requested protection of the storage pool to the policy,
or set a specified requested protection.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 309

File Pools

7: Under I/O optimization settings, SmartCache is enabled by default.

SmartCache writes data to a write-back cache instead of immediately
writing the data to disk. OneFS can write the data to disk at a time that is
more convenient.

8: In the Data access pattern section, you can choose between Random,
Concurrency, or Streaming.

• Streaming access enables aggressive prefetch (also called read-

ahead) on reads. It increases the size of file coalescers in the OneFS
write cache and changes the layout of files on disk (uses more disks
for FEC stripes). Streaming is most useful in workloads that do heavy
sequential reads and writes.
• Random essentially disables prefetch for both data and metadata.
Random is most useful when the workload I/O is highly random. Using
Random greatly reduces the cache "pollution" that could result from all
the random reads, for example prefetching blocks into cache that are
never read.
• Concurrency, the default access setting, is a compromise between
Streaming and Random. Concurrency enables some prefetch, which
helps sequential workloads, but not so much that the cache gets
"polluted" when the workload becomes more random. Concurrency is
for general-purpose use cases, good for most workload types or for
mixed workload environments.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 310

File Pools

File Pool Policies Use Case

This example is a use case where a media-orientated business unit wants

greater protection and an access pattern that is optimized for streaming.

A tier that is called media tier with a node pool has been created.

The business unit targets their mp4 marketing segments to the media_tier
where the hosting application can access them.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 311

File Pools

File Pool Policy Filters

Create the filters in the File matching criteria section when creating or
editing a file pool policy.

Filter elements:
• Filter type178

178File pool policies with path-based policy filters and storage pool
location actions are run during the write of a file matching the path criteria.
Path-based policies are first started when the SmartPools job runs, after
that they are started during the matching file write. File pool policies with
storage pool location actions, and filters that are based on other attributes
besides path, write to the node pool with the highest available capacity.
The initial write ensures that write performance is not sacrificed for initial
data placement.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 312

File Pools

• Operators179
• Multiple criteria180

SSD Options

With the exception of F-Series nodes, if a node pool has SSDs, by default
the L3 cache is enabled on the node pool. To use the SSDs for other
strategies, first disable L3 cache on the node pool. Manually enabling SSD
strategies on specific files and directories is not recommended.

Select each tab for more information.

Metadata Read Acceleration

SSDs for Metadata Read Acceleration is the recommended setting. The

setting ensures that OneFS stores one metadata mirror of a file on SSDs,
while storing all other file metadata mirrors on hard drive. OneFS
preferentially reads the metadata mirror on SSD when the file is accessed.

Pros Cons

179 Operators can vary according to the selected filter. You can configure
the comparison value, which also varies according to the selected filter
and operator. The Ignore case box should be selected for files that are
saved to the cluster by a Windows client.
180 The policy requires at least one criterion, and allows multiple criteria.

You can add AND or OR statements to a list of criteria. Using AND adds a
criterion to the selected criteria block. Files must satisfy each criterion to
match the filter. You can configure up to three criteria blocks per file pool
policy.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 313

File Pools

Do not need numerous SSDs to be Does not help random writes –

effective. metadata updates use the HDDs.

Benefits random reads by allowing Usually shows small SSD utilization:

quicker access to metadata. clients may ask “Where is the value”
or complain it was over configured
Helps Job Engine - all random
lookups and treewalks are faster
as one copy of metadata is always
on SSD.

Metadata Read/Write Acceleration

Metadata read/write acceleration requires more SSD space. OneFS writes

all metadata mirrors to SSDs. Metadata usage can consume up to six
times more SSD space than the metadata read strategy.

Pros Cons

All metadata is on SSDs - Need enough SSD space to hold all the
speeds random lookups and metadata. Typically, two SSDs per
treewalks. node is good, especially with denser
options.

Metadata updates use SSDs - Hard to size - variable number of files.

speeds up creates, writes, and
deletes including SnapShot Significant performance impact when
deletes. SSDs reach 100% capacity.

Data and Metadata

Regardless of whether you enable global namespace acceleration, any

SSD blocks reside on the storage target, provided there is room.

Pros Cons

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 314

File Pools

Only way to guarantee data pins to Expensive - cost of SSDs

SSDs - good for small, intense
workloads

Can co-exist with metadata Must manage path capacity to

acceleration - cannot mix with L3 on avoid overfilling SSDs - directory
same node pool. quota can help.

Must manage total SSD capacity

utilization - can push metadata
from SSD, which has a wide
impact.

Heavy workloads may cause

queueing to SSD, slowing
metadata operations for other
workloads.

Avoid SSDs

Using the 'Avoid SSD' option affects performance. This option writes all
file data and all metadata mirrors to HDDs. Typically, use this setting when
implementing L3 cache and global namespace acceleration (GNA) in the
same cluster. You create a path-based file pool policy that targets an L3
cache enabled node pool. The data SSD strategy and snapshot SSD
strategy for this L3 cache enabled node pool should be set to ‘Avoid SSD’.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 315

File Pools

File Pool Policies Jobs

File pool policies are applied to the cluster by a job.

• SetProtectPlus job181 - SmartPools unlicensed
• SmartPools job182 - SmartPools licensed
• FilePolicy job183 - find files needing policy changes (OneFS 8.2.0)
• SmartPoolsTree job184 - Selectively apply SmartPools file pool policies

181 The SetProtectPlus job applies the default file pool policy.
182 When SmartPools is licensed, the SmartPools job processes and
applies all file pool policies. By default, the job runs at 22:00 hours every
day at a low priority.
183 Uses a file system index database on the file system instead of the file

system itself to find files needing policy changes. By default, the job runs
at 22:00 hours every day at a low priority. The FilePolicy job was
introduced in OneFS 8.2.0.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 316

File Pools

Policy Template

Template settings are preset to the name of the template along with a brief
description. You can change the settings.

Templates have a configured filter to achieve the specified function.

Template considerations:
• Opens a partially populated, new file pool policy.
• You must rename the policy.
• You can modify and add criteria and actions.
• Use in web administration interface only.

184The SmartPoolsTree job is used to apply selective SmartPools file pool

policies. The job runs the "isi filepool apply" command. The Job Engine
manages the resources that are assigned to the job. The job enables for
testing file pool policies before applying them to the entire cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 317

File Pools

File Pool Policies Order

The order of the policy matters.

• The first matching policy is applied.
• Create an external policy list with filter criteria such as path or file
name.
• Prioritize match filter criteria order.
• Reorder policies to match prioritization.
• Default policy completes unassigned actions.

File Pool Policy Considerations

Plan to add more node capacity when the cluster reaches 80% so that it
does not reach 90%. The cluster needs the extra capacity for moving
around data, and for the VHS space to rewrite data when a drive fails.
Listed are more considerations.
• Avoid overlapping file policies where files may match more than one
rule. If data matches multiple rules, only the first rule is applied.
• File pools should target a tier and not a node pool within a tier.
• You can use the default policy templates as examples.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 318

File Pools

Serviceability

Listed here are the CLI options that can help get information about file
pools.
• If file pool policy rules are not being applied properly, check the policy
order.
• Test file pool policy before applying.

• isi filepool apply

• Syntax: isi filepool apply <path/file> -n -v -s
• Options:
• -n is to test but not apply.
• -v is for verbose output.
• -s prints statistics on processed files.

Activity: File Pools

The web version of this content contains an interactive activity.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 319

File Pools

Challenge

Lab Assignment: Go to the lab and configure a file pool policy.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 320

SmartPools

Scenario

Before configuring the file tiering, the IT manager wants to know about the
OneFS SmartPools settings. Describe the SmartPools settings and then
configure SmartPools.

SmartPools Overview

SmartPools enables the grouping of nodes into storage units that include
node pools, CloudPools, and tiers.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 321

SmartPools

With SmartPools, you can segregate data based on its business value,
putting data on the appropriate tier of storage with appropriate levels of
performance and protection.

Different generations185 of PowerScale storage can co-exist within a single

storage pool.

Use SmartPools to manage global storage pool settings.

SmartPools Licensing

SmartPools is a licensable software module that provides basic features in

an unlicensed state and advanced features when licensed.

Because of the availability to have multiple data target locations, some

additional target options are enabled in some global settings.

185
Node pool membership changes through the addition or removal of
nodes to the cluster. Typically, tiers are formed when adding different
node pools on the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 322

SmartPools

Function Unlicensed Licensed

Automatic node pool Yes Yes

provisioning

Number of tiers Multiple Multiple

Number of file pool One (default file Multiple

policies, pool policy)
File pool policy targets

File pool policy filters No Multiple

Policy-based One Multiple

protection level
Metadata acceleration
setting
I/O optimization
Snapshot target

Specify spillover No Yes

target.

VHS and GNA Yes Yes

SmartPool Settings

Cache Statistics

The isi_cache_stats command accurately assesses the performance

of the various levels of cache at a point in time. Statistics for L1, L2, and
L3 cache are displayed for both data and metadata.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 323

SmartPools

GNA

SmartPools can automatically transfer data among tiers with different

performance and capacity characteristics.

• Minimum 1.5% of all disk capacity must be SSD and 20% of nodes
must contain SSDs.
• Use SSDs to store metadata mirror in different node pools.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 324

SmartPools

• Accelerates all namespace reads across cluster.

• L3 cache enables node pools not considered in GNA calculations.

Global namespace acceleration, or GNA, enables the use of SSDs for

metadata acceleration across the entire cluster.

CLI command to enable GNA: isi storagepool modify --global-

namespace-acceleration-enabled yes

GNA Aspects

The table highlights the pros and cons of enabling GNA.

Pros Cons

Allows metadata read acceleration for Difficult to manage and size the
non-SSD nodes - need some nodes disk
with SSDs.
Hard rules and limits

Helps Job Engine and random reads Links expansion of one tier to
another tier to adhere to the
limits.

L3 Cache

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 325

SmartPools

L3 cache is enabled by default for all new node pools that are added to a
cluster.

L3 cache is either on or off and no other visible configuration settings are

available.

Any node pool with L3 cache enabled is excluded from GNA space
calculations and do not participate in GNA enablement.

VHS

Virtual hot spare, or VHS, allocation enables space to rebuild data when a
drive fails.

When selecting the option to reduce the amount of available space, free-
space calculations exclude the VHS reserved space.

OneFS uses the reserved VHS free space for write operations unless you
select the option to deny new data writes.

Command example that reserves 10% capacity for VHS: isi

storagepool settings modify --virtual-hot-spare-limit-
percent 10

Spillover

Spillover is node capacity overflow management.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 326

SmartPools

With the licensed SmartPools module, you can direct data to spillover to a
specific node pool or tier group.

If spillover is disabled, file is not moved to another node pool.

CLI command to disable spillover: isi storagepool settings

modify --spillover-enabled no

Actions

The SmartPools action settings provide a way to enable or disable

managing requested protection settings and I/O optimization settings.

If you clear the box (disable), SmartPools does not modify or manage
settings on the files.

• Overrides any manually managed requested protection setting or I/O

optimization.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 327

SmartPools

• Useful to manually managed settings were made using file system

explorer or the isi set command.
• Override manually managed request protection.
• Override manually managed I/O optimization.

CLI command for setting Automatically Manage Protection to none: isi

storagepool settings modify --automatically-manage-
protection none.

CLI command to set the Automatically Manage I/O Optimization: isi

storagepool settings modify --automatically-manage-io-
optimization {all | files_at_default | none}.

Protection example: If a +2d:1n protection is set and the disk pool suffers
three drive failures, the data that is not lost can still be accessed. Enabling
the option ensures that intact data is still accessible. If the option is
disabled, the intact file data is not accessible.

GNA can be enabled if 20% or more of the nodes in the cluster contain
SSDs and 1.5% or more of the total cluster storage is SSD-based. The
recommendation is that at least 2.0% of the total cluster storage is SSD-
based before enabling GNA. Going below the 1.5% SSD total cluster
space capacity requirement automatically disables GNA metadata. If you
SmartFail a node that has SSDs, the SSD total size percentage or node
percentage containing SSDs could drop below the minimum requirement,
disabling GNA. Any node pool with L3 cache enabled is excluded from
GNA space calculations and do not participate in GNA enablement.

GNA also uses SSDs in one part of the cluster to store metadata for
nodes that have no SSDs. The result is that critical SSD resources are
maximized to improve performance across a wide range of workflows.

VHS example: If specifying two virtual drives or 3%, each node pool
reserves virtual drive space that is equivalent to two drives or 3% of their
total capacity for VHS, whichever is larger. You can reserve space in node
pools across the cluster for this purpose, equivalent to a maximum of four
full drives. If using a combination of virtual drives and total disk space, the
larger number of the two settings determines the space allocation, not the
sum of the numbers.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 328

SmartPools

SSD Usage Comparison

Comparison of L3 cache with the other SSD usage strategies

Assists With L3 Metadata Metadata GNA Data on

Read Read/Write SSD

Metadata Yes Yes Yes Yes No

Read

Metadata No 1 Mirror All Mirrors 1 No

Write Additional
Mirror

Data Read Yes No No No Yes

Data Write No No No No Yes

Job Engine Yes Yes Yes Yes No

Performance

Granularity Node Manual Manual Global Manual

Pool

Ease of Use High Medium Medium Medium Lowest

SmartPools Considerations

Listed are areas to consider when discussing SmartPools.

• SmartPools automatic provisioning divides equivalent node hardware

into disk pools. Subdividing the node disks into separately protected
disk pools increases resiliency against multiple disk failures.
• Disk pools are not user configurable, and a disk drive is only a member
on one disk pool or neighborhood.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 329

SmartPools

• Node pools must have at least four nodes for Gen6 and at least three
nodes for the F200/600/900. The default is one node pool per node
type and configuration.
• The file pool policy default is all files are written anywhere on cluster.
To target more node pools and tiers, activate the SmartPools license.

Activity: SmartPools

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Configure SmartPools.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 330

CloudPools

Scenario

Next, take the file pool policies to the CloudPools level. For some of the
long-term archive data, the group is looking at cloud options. Explain
CloudPools and how file pool policies are used with CloudPools.

CloudPools Overview and Example Video

CloudPools offers the flexibility of another tier of storage that is off-

premise and off-cluster. What CloudPools do is provide a lower TCO186 for

186CloudPools optimize primary storage with intelligent data placement.

CloudPools eliminates management complexity and enables a flexible
choice of cloud providers.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 331

CloudPools

archival-type data. CloudPools expands the SmartPools framework by

treating a cloud repository as an additional storage tier.

Customers who want to run their own internal clouds can use a
PowerScale installation as the core of their cloud.

The video provides a CloudPools overview and use case. See the student
guide for a transcript or download from the player.

Movie:

The web version of this content contains a movie.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 332

CloudPools

Important: The video demonstration displays older version of

OneFS UI. The new OneFS 9.4 version has UI changes, but
the functionality of all elements remain the same.

Link:
https://edutube.dell.com/Player.aspx?vno=ysxbj+pXwvWoRyg1bMcWuA=
=&attachments=true&autoplay=true

Shown is a PowerScale cluster with twelve nodes. A key benefit of

CloudPools is the ability to interact with multiple cloud vendors. Shown in
the graphic are the platforms and vendors that are supported as OneFS
8.1.1.

CloudPools is an extension of the SmartPools tiering capabilities in the

OneFS operating system. The policy engine seamlessly optimizes data
placement that is transparent to users and applications. Moving the cold
archival data to the cloud, lowers storage cost and optimizes storage
resources.

Let us look at an example, each chassis in the cluster represents a tier of

storage. The topmost chassis is targeted for the production high-
performance workflow and may have node such as F800s. When data is
no longer in high demand, SmartPools moves the data to the second tier
of storage. The example shows the policy moves data that is not accessed
and that is over thirty days old. Data on the middle tier may be accessed
periodically. When files are no longer accessed for more than 90 days,
SmartPools archives the files to the lowest chassis or tier such as A200
nodes.

The next policy moves the archive data off the cluster and into the cloud
when data is not accessed for more than 180 days. Stub files that are also
called SmartLinks are created. Stub files consume approximately 8 KB
space on the Isilon cluster. Files that are accessed or retrieved from the
cloud, or files that are not fully moved to the cloud, have parts that are
cached on the cluster and are part of the stub file. The storing of
CloudPools data and user access to data that is stored in the cloud is
transparent to users.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 333

CloudPools

CloudPools files undergo a compression algorithm and then are broken

into their 2 MB cloud data objects or CDOs for storage. The CDOs
conserve space on the cloud storage resources. Internal performance
testing does note a performance penalty for a plane compression and
decompressing files on read. Encryption is applied to file data transmitting
to the cloud service. Each 128 KB file block is encrypted using a AES 256
encryption. Then transmitted as an object to the cloud. Internal
performance testing notes a little performance penalty for encrypting the
data stream.

CloudPools Considerations

CloudPools uses the SmartPools framework to move data and state

information to off-cluster storage while retaining the ability to read, modify,
and write to data.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 334

CloudPools

Consider the following:

• Compression187
• 2 MB CDO size
• Compliance mode188

Resources: See the CloudPools Administration Guide in

the PowerScale Info Hub for information not covered in this
topic, such as best practices and troubleshooting.

187 In OneFS 8.2 and later, CloudPools compress data before sending it
over the wire.
188 CloudPools in OneFS 8.2 prevents enabling compliance mode on

stubs. Archiving a file before it is committed and moving a stub into a

compliance directory is denied.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 335

CloudPools

Cloud Providers and Storage

CloudPools supports the following cloud providers and associated storage

types:

• Dell EMC PowerScale189

189A secondary PowerScale cluster provides a private cloud solution. The

primary cluster archives files to the secondary cluster. Both clusters are
managed in your corporate data center. The secondary cluster must be

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 336

CloudPools

• Dell EMC ECS Appliance190

• Amazon S3191
• Amazon C2S S3192
• Microsoft Azure193

running a compatible version of OneFS. To act as a cloud storage

provider, the PowerScale cluster uses APIs that configure CloudPools
policies, define cloud storage accounts, and retrieve cloud storage usage
reports. These APIs are known collectively as the PowerScale Platform
API.
190 CloudPools supports ECS appliance as a cloud provider. ECS is a

complete software-defined cloud storage platform deployed on a turn-key

appliance from Dell EMC. It supports the storage, manipulation, and
analysis of unstructured data on a massive scale. The ECS appliance is
specifically designed to support mobile, cloud, big data, and next-
generation applications
191 CloudPools can be configured to store data on Amazon Simple

Storage Service (Amazon S3), a public cloud provider. CloudPools

supports only S3 Standard storage classes on Amazon S3. When you first
establish an account with Amazon S3, the cloud provider gives you an
account ID and allows you to choose a storage
region. Amazon S3 offers multiple storage regions in the U.S. and other
regions of the world.
192 CloudPools can be configured to store data on Amazon C2S

(Commercial Cloud Services) S3 (Simple Storage System). When you

configure CloudPools to use Amazon C2S S3 for cloud storage, in
addition to URI, username, and passkey, you must specify the S3 Storage
Region in the connection settings. When you first establish an account
with Amazon C2S, the cloud provider gives you an account ID and allows
you to choose a storage region. Amazon C2S offers multiple storage
regions in the U.S. and other regions of the world.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 337

CloudPools

• Google Cloud Platform194

• Alibaba Cloud195

CloudPools Administration

Configure and manage CloudPools from the WebUI File system, Storage
pools page, CloudPools tab. Managing CloudPools using the CLI is done
with the isi cloud command.

193 You can configure CloudPools to store data on Microsoft Azure, a

public cloud provider. CloudPools supports Blob storage, Hot access tiers
on Microsoft Azure. Cold blobs are not supported. When you establish an
account with Microsoft Azure, you create a username. Microsoft provides
you with a URI and a passkey. When you configure CloudPools to use
Azure, you must specify the same URI, username, and passkey.
194 CloudPools can store data on Google Cloud Platform, a public cloud

provider. CloudPools supports Standard, Nearline, and Coldline storage

types on Google Cloud Platform. Google Cloud Platform must be set to
interoperability mode. Once it is done, you can now configure Google
Cloud Platform as the provider in OneFS CloudPools.
195 CloudPools can store data on Alibaba Cloud, a public cloud provider.

CloudPools supports Standard OSS storage on Alibaba Cloud. When

configuring Alibaba Cloud as the provider, you must provide the Alibaba
URI, username, and passkey. Alibaba offers multiple sites in the U.S. and
other areas of the world. The URI indicates your chosen connection site.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 338

CloudPools

CloudPools Tab

File system >Storage pools page > CloudPools page.

Once the SmartPools and CloudPools licenses are applied, the WebUI
shows the cloud storage account options.

After a cloud storage account is defined and confirmed, the administrator

can define the cloud pool itself.

The file pool policies enable the definition of a policy to move data out to
the cloud.

Cloud Storage Account

The graphic shows the window for creating a cloud storage account.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 339

CloudPools

• You can create and edit one or more cloud storage accounts in
OneFS.
• Before creating a cloud storage account, establish an account with one
of the supported cloud providers.
• OneFS attempts to connect to the cloud provider using the credentials
you provide in the cloud storage account.

Cloud Storage Target

After creating a storage account, create a CloudPool and associate or

point it to the account.

The graphic shows the window to Create a CloudPool.

CloudPools SmartLink

Run the isi get -D command to see files archived to the cloud using
CloudPools.

The example checks to see if the local version on the cluster is a

SmartLink file.

If the SmartLinked field returns True, the file is archived.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 340

CloudPools

If the output is False, the file is not archived.

File Pool Policies - CloudPools

Excerpt from the WebUI > Storage pools page.

SmartPools file pool policies are used to move data from the cluster to the
selected CloudPools storage target.

When configuring a file pool policy, you can apply CloudPools actions to
the selected files.

CloudPools Settings

You may want to modify the settings for the file pool policy based on your
requirements. Modifications are not necessary for most workflows. You
can elect to encrypt and compress data.

Select each icon to learn more.

The graphic shows various default advanced CloudPool options that are
configured.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 341

CloudPools

1: You can encrypt data prior to archiving it to the cloud. Cloud data is
decrypted when accessed or recalled.

2: You can compress data prior to archiving to the cloud. Cloud data is
decompressed when accessed or recalled.

3: Set how long to retain cloud objects after a recalled file replaces the
SmartLink file. After the retention period, the cloud objects garbage
collector job cleans up the local resources allocated for the SmartLink
files, and removes the associated cloud objects.

4: If a SmartLink file has been backed up and the original SmartLink file is
subsequently deleted, associated cloud objects are deleted only after the
retention time of the backed-up SmartLink file has expired.

5: If a SmartLink file has been backed up and the original SmartLink file is
subsequently deleted, associated cloud objects are deleted only after the
original retention time, or a longer incremental or full backup retention
period, has expired.

6: Specifies how often SmartLink files modified on the cluster are written
to their associated cloud data objects.

7: Determines whether cloud data is cached when a file is accessed on

the local cluster.

8: Specifies whether cloud data is fully or partially recalled when you

access a SmartLink file on the cluster.

9: Specifies how long the system retains recalled cloud data that is in the
cache of associated SmartLink files.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 342

CloudPools

CLI for CloudPools

The output of the isi cloud command shows the actions that can be
taken.

1: Use to grant access to CloudPool accounts and file pool policies. You
can add and remove cloud resource, list cluster identifiers, and view
cluster details.

2: Used to manage CloudPool accounts. You can create, delete,

modify, and view a CloudPool account, and list the ClouldPool
accounts.

3: Use to archive or recall files from the cloud. Specify files individually, or
use a file matching pattern. Files that are targeted for archive must match
the specified file pool policy, or any file pool policy with a cloud target.

4: Use to manage CloudPools TLS client certificates. You can delete,

import, modify, view, and list certificates.

5: Use to manage CloudPool jobs. Use to cancel, create, pause,

resume, list, and view jobs. A CloudPools system job such as cache-
writeback cannot be canceled.

6: Use to configure and manage a CloudPool pool. You can create,

delete, modify, list, and view pools. OneFS no longer accesses the
associated cloud storage account when it is deleted. If a file pool policy
references the CloudPool, OneFS does not allow the delete.

7: Use to manage network proxies. You can create, delete, modify,

list, and view proxies. CloudPools prevents deletion of a proxy that is
attached to a cloud storage account.

8: Files that are stored in the cloud can be fully recalled using the isi
cloud recall command. Recall can only be done using the CLI. When
recalled, the full file is restored to its original directory. The file may be

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 343

CloudPools

subject to the same file pool policy that originally archived it, and rearchive
it to the cloud on the next SmartPools job run. If re-archiving is
unintended, the recalled file should be moved to a different, unaffected,
directory. The recalled file overwrites the stub file. You can start the
command for an individual file or recursively for all files in a directory path.

9: Use to manage CloudPool top-level settings. You can list and

modify CloudPool settings, and regenerate the CloudPool master
encryption key.

10: Use to restore the cloud object index (COI) for a cloud storage
account on the cluster. The isi cloud access add command also
restores the COI for a cloud storage account.

C2S Cloud Support

Commercial Cloud Service, or C2S, is the federal government private

cloud. Federal customers are mandated to use the C2S cloud.

• Support196
• Integration197
• No Internet connection198

196 C2S support delivers full CloudPools functionality for a target endpoint,
and supports the use with C2S Access Portal (CAP), and X.509 client
certificate authority. C2S also provides support (from AIMA) to securely
store certificates, validate, and refresh if needed.
197 The CloudPools C2S feature offers an integrated solution with AWS

Commercial Cloud Services (C2S), a private instance of the AWS

commercial cloud.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 344

CloudPools

CloudPools Limitations

Listed are limitations to CloudPools.

• File recall requires administrative action
• File spillover is not supported

In a standard node pool, file pool policies can move data from high-
performance tiers to storage tiers and back as defined by their access
policies. However, data that moves to the cloud remains stored in the
cloud unless an administrator explicitly requests data recall to local
storage. If a file pool policy change is made that rearranges data on a
normal node pool, data is not pulled from the cloud. Public cloud storage
often places the largest fees on data removal, thus file pool policies avoid
removal fees by placing this decision in the hands of the administrator.

The connection between a cluster and a cloud pool has limited statistical
features. The cluster does not track the data storage that is used in the
cloud, therefore file spillover is not supported. Spillover to the cloud would
present the potential for file recall fees. As spillover is designed as a
temporary safety net, once the target pool capacity issues are resolved,
data would be recalled back to the target node pool and incur an
unexpected fee.

Statistic details, such as the number of stub files on a cluster or how much
cache data is stored in stub files and would be written to the cloud on a
flush of that cache, is not easily available. No historical data is tracked on
the network usage between the cluster and cloud either in writing traffic or
in read requests. These network usage details should be viewed from the
cloud service management system.

198This service is 'air gapped' which means it has no direct connection to

the Internet.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 345

CloudPools

Activity: Cloudpools

The web version of this content contains an interactive activity.

Challenge

1. Select the features that are provided by CloudPools.

a. Policy-drive data tiering between PowerScale and third-party
cloud platforms.
b. Data compression capability before data is transferred over the
wire.
c. Move files between storage pools based on file type or file size.
d. Transfer data and operations from one PowerScale cluster to
another in the event of a disaster.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 346

Data Services Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 347

CloudPools

Data Services Administration

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 348

File Filtering

Scenario

It appears to be that there are some types of files that need not be stored
in the production directories. The IT manager wants you to explain file
filtering and configure a policy to filter unnecessary files.

File Filtering Overview

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 349

File Filtering

OneFS with file filtering enables administrators the flexibility to:

• Deny writes for new files by creating a deny list.
• Prevent accessing existing files.
• Create explicit deny lists.199
• Create explicit allow lists.200

Considerations:
• No limit to extension list.
• Per access zone.201
• Configurable for the SMB defaults202.
• No license is required.

199 Explicit deny lists are used to block only the extensions in the list.
OneFS permits all other file types to be written. Administrators can create
custom extension lists based on specific needs and requirements.
200 Explicit allow list permits access to files only with the listed file

extensions. OneFS denies writes for all other file types.

201 The top level of file filtering is set up per access zone. When you

enable file filtering in an access zone, OneFS applies file filtering rules
only to files in that access zone.
202 OneFS does not take into consideration which file sharing protocol was

used to connect to the access zone when applying file filtering rules.
However, you can apply additional file filtering at the SMB share level.

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 350

File Filtering

Management of Existing Cluster Files

If enabling file filtering on an access zone with existing shares or exports,

the file extensions determine access to the files.
• User denied access203
• Administrator access204

203 Users cannot access files with a denied extension. OneFS can deny a
file through the denied extensions list, or because the extension is not
included as part of the allowed extensions list.
204 Administrators have full control to read or delete all files. Administrators

with direct access to the cluster can manipulate the files.

Dell Technologies PowerScale Administration - On Demand-SSP

File Filtering

• No filter equals access to all files.205

• Applies only to supported protocols206

File Filtering Use Cases

Select each item below to learn more about its use case.

Enforces organization policies.

A use case to enforce file filtering is to adhere to organizational policies.

This prevents users from writing personal and unnecessary files to the
cluster saving the overall capacity.

Meet compliance requirements.

With compliance considerations today, organizations struggle to meet

many of the requirements. For example, many organizations are required
to make all emails available for litigation purposes. To help ensure that
email is not stored longer than wanted, deny storing .pst.

205 How the file filtering rule is applied to the file determines where the file
filtering occurs. If a user or administrator accesses the cluster through an
access zone or SMB share without applying file filtering, files are fully
available.
206 File filters are applied only when accessed over the supported

protocols.

Dell Technologies PowerScale Administration - On Demand-SSP

File Filtering

Limit large-size file content to share.

Another use case is to limit the cost of storage. Organizations may not
want typically large files, such as video files, to be stored on the cluster, so
they can deny .mov or .mp4 file extension

Avoid potential copyright infringement issues.

An organizational legal issue is copyright infringement. Many users store

their .mp3 files on the cluster and open a potential issue for copyright
infringement.

Isolate access zone or share for only a specific file use.

Another use case is to limit an access zone for a specific application with
its unique set of file extensions. File filtering with an explicit allow list of
extensions limits the access zone or SMB share for its singular intended
purpose.

File Filtering Configuration

When enabling file filtering in an access zone, OneFS applies file filtering
rules only to files in that access zone.

Configure File Filtering

Dell Technologies PowerScale Administration - On Demand-SSP

File Filtering

You can configure file filtering at different levels.

You can configure file filters on the Protocols > Windows sharing (SMB)
> Default share settings page207.

Modify File Filtering

Access zone level: Web UI: Access > File filter > File filter settings.

Modify file filtering settings by changing the filtering method or editing file
extensions.

CLI: isi smb shares create and isi smb shares modify
commands. The administrative user must have the
ISI_PRIV_FILE_FILTER privilege.

207Configuring file filters on individual SMB shares enables more granular

control.

Dell Technologies PowerScale Administration - On Demand-SSP

File Filtering

Activity: File Filtering

The web version of this content contains an interactive activity.

Challenge

Your Challenge: Login to the cluster and configure file filtering on an SMB
share.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Scenario

One of the lessons learned is that a small percentage of users would

consume a substantial portion of the storage capacity. To fix the problem
quotas were implemented. You are required to do the same on the
PowerScale system. Discuss the types of quotas, explain quota overhead,
and configure quotas on the directories.

SmartQuotas Overview Video

This video provides an overview for SmartQuotas. See the student guide
for a transcript of the video.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays an older version

of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=tCIE1bGAUz6k3W1ic8tZfw==&
autoplay=true

SmartQuotas is a software module that is used to limit, monitor, thin

provision, and report disk storage usage at the user, group, and directory
levels. Administrators commonly use file system quotas for tracking and
limiting the storage capacity that a user, group, or project can consume.
SmartQuotas can send automated notifications when storage limits are
exceeded or approached.

Quotas are a useful way to ensure that a user or department uses only
their share of the available space. SmartQuotas are also useful for
enforcing an internal chargeback system. SmartQuotas contain flexible

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

reporting options that can help administrators analyze data usage

statistics for their Isilon cluster. Both enforcement and accounting quotas
are supported, and various notification methods are available.

Before OneFS 8.2, SmartQuotas reports the quota free space only on
directory quotas with a hard limit. For user and group quotas,
SmartQuotas reports the size of the entire cluster capacity or parent
directory quota, not the size of the quota. OneFS 8.2.0 includes
enhancements to report the quota size for users and groups. The
enhancements reflect the true available capacity that is seen by the user.

Quota Types

The File System uses the concept of quota types as the fundamental
organizational unit of storage quotas. Storage quotas comprise a set of
resources and an accounting of each resource type for that set. Storage
quotas are also called storage domains.

It is possible to create two types of storage quotas to monitor data:

• Accounting quotas
• Enforcement quotas

Storage quota limits and restrictions can apply to specific Users,

Directories or Groups.

You can choose to implement accounting quotas or enforcement quotas.

The table below displays the difference between the types.

Accounting Quotas Enforcement Quotas

Monitors disk usage Monitors and limits disk usage

Analysis and planning Enable notification

Threshold subtypes - advisory Threshold subtypes - hard and soft

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Enforcement Quotas

Enforcement quotas include all the functionality of the accounting option

plus the ability to limit disk storage and send notifications. Using
enforcement limits, you can logically partition a cluster to control or restrict
how much storage that a user, group, or directory can use.

Enforcement quotas have three quota limits and are based on

administrator-defined thresholds:
• Hard quotas.
• Soft quotas.
• Advisory quotas.

SmartQuotas Implementation

Storage quota limits and restrictions can apply to specific Users,

Directories or Groups.

1: Directory and default directory quotas: Directory quotas are placed on a

directory and apply to all directories and files within that directory,
regardless of user or group. Directory quotas are useful for shared folders
where many users store data, and the concern is that the directory grows
unchecked.

2: User and default user quotas: User quotas are applied to individual
users and track all data that is written to a specific directory. User quotas
enable the administrator to control the capacity any individual user

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

consumes in a particular directory. Default user quotas are applied to all

users unless a user has an explicitly defined quota for that directory.
Default user quotas enable the administrator to apply a quota to all users,
instead of individual user quotas.

3: Group and default group quotas: Group quotas are applied to groups
and limit the amount of data that the collective users within a group can
write to a directory. Group quotas function in the same way as user
quotas, except for a group of people and instead of individual users.
Default group quotas are applied to all groups, unless a group has an
explicitly defined quota for that directory. Default group quotas operate like
default user quotas, except on a group basis.

Caution: Configuring any quotas on the root of the file

system (/ifs) could result in significant performance
degradation.

Default Quotas

Default Directory

Default Directory quotas apply a template configuration to another quota

domain. Common directory quota workflows such as home directories and
project management folders can have a default directory quota that
simplifies quota management.

For example, the Marketing team wants to restrict data based on

promotions for each quarter to 1 TB. One solution is to implement a quota
every time a new quarter begins and move forward. However, with default
directory quotas, the parent directory is set with the limit template that
should be inherited by all its immediate subdirectories.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Default User or Group

Default user quotas are applied to all users unless a user has an explicitly
defined quota for that directory. Default user quotas enable the
administrator to apply a quota to all users, instead of individual user
quotas. Default group quotas operate like default user quotas, except on a
group basis.

For example, HR team's requirement policy states that every user should
be assigned a quota of 1 GB for their home directories. Creating a user
quota for each user in the organization is cumbersome and inefficient.
Instead, the lead administrator can create a default user quota 1 GB on
the folder hosting all the home directories.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Creating Default Directory Quotas

The default directory quota is created using the CLI.208

The WebUI can be used to view the created quotas and their links. See
the student guide for information about quota links.

208 The 'isi quota' command is used to create the default directory quota.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

The top example shows creating a template on the Features directory.

The directory has a hard limit of 10 GB, an advisory at 6 GB, and a soft
limit at 8 GB with a grace period of 2 days.

The Unlink option makes the quota independent of the parent, meaning
modifications to the default directory quota no longer apply to the sub
directory. This example shows removing the link on the Screen_shots sub
directory and then modifying the default directory quota on the parent,
Quota, directory. Remove the link using the button on the WebUI or isi
quota quotas modify --
path=/ifs/training/Features/Quota/Screen_shots --
type=directory --linked=false. Using the --linked=true
option re-links or links to the default directory quota.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Quota Accounting

The quota accounting options are Include snapshots in the storage quota,
209and enforce the limits for this quota based on:

• File system logical size210(default)

• Physical size211
• Application logical size212 (OneFS 8.2 and later).

209 Tracks both the user data and any associated snapshots. A single path
can have two quotas that are applied to it, one without snapshot usage
(default) and one with snapshot usage. If snapshots are in the quota, more
files are in the calculation.
210 Enforces the File system logical size quota limits. The default setting is

to only track user data, not accounting for metadata, snapshots, or

protection.
211 Tracks the user data, metadata, and any associated FEC or mirroring

overhead. This option can be changed after the quota is defined.

212 Tracks the usage on the application or user view of each file.

Application logical size is typically equal or less than file system logical

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Overhead Calculations

Most quota configurations do not need to include overhead calculations.

If configuring overhead settings, do so cautiously, because they can affect

the amount of disk space that is available to users.

The graphic shows an example of quota enforcement. 40 GB of capacity

on the /ifs/finance directory restricts the user. The setting for the quota is
using the Physical size option.If the directory is configured with a 2x data
protection level and the user writes a 10 GB file, the file consumes 20 GB
of space. The consumption is 10 GB for the file and 10 GB for the data-
protection overhead. The user has reached 50% of the 40 GB quota by
writing a 10 GB file to the cluster.

size. The view is in terms of how much capacity is available to store

logical data regardless of data reduction, tiering technology, or sparse
blocks. The option enforces quotas limits, and reports the total logical data
across different tiers, such as CloudPools.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Quotas and Thin Provisioning

SmartQuotas supports thin provisioning, also known as over provisioning,

which enables administrators to assign quotas above the physical cluster
capacity.

• Capacity reached, but quota can be under limit.213

• Adding nodes.214
• Management reduction.215
• Careful monitoring.216

213 With thin provisioning, the cluster can be full even while some users or
directories are well under their quota limit. Configuring quotas that exceed
the cluster capacity enables a smaller initial purchase of capacity/nodes.
214 Thin provisioning lets you add more nodes as needed, promoting a

capacity on-demand model.

215 Setting larger quotas initially reduces administrative management as

more user access the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Quota Nesting

Nesting quotas is having multiple quotas within the same directory

structure.

Quota limits do not reflect a likely deployment.

The isi quota quotas list command is used to compare the size of
a quota to the amount of data it holds.

216 Thin provisioning requires monitoring cluster capacity usage carefully.

If a quota exceeds the cluster capacity, nothing prevents users from
consuming all available space, which results in service outages for all
users and cluster services.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

The user quota is set for user Dante on /ifs/sales/sales-gen/MySales/test1

directory of 50 MB. Any other user can write up to the parent directory
(test1) limit (500 MB). In the given example, user john is able to write in
test1 directory. Since the quota limit on /ifs/sales/sales-gen/MySales is
500 MB, john cannot write beyond this limit.

Warning: If you are setting a higher threshold than the

parent quota hard threshold, this may cause the current
threshold to be ignored.

At the top of the hierarchy, the /ifs/sales folder has a directory quota of 1
TB. Any user can write data into this directory, up to a combined total of 1

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

TB. The /ifs/sales/sales-gen directory has a group quota assigned that

restricts the total amount of write into this directory to 1 GB. Even though
the parent directory (sales) is below its quota restriction. The
/ifs/sales/sales-gen/MySales directory has a default user quota of 500 MB
that restricts the capacity of this directory to 500 MB. The /ifs/Sales/sales-
gen/MySales/test1 directory has a user quota of 50 MB.

The /ifs/sales/sales-gen/Example directory has default user quota of 250

MB. The /ifs/sales/sales-gen/Example/test3 directory has a user quota of
100 MB. However, if users place 500 GB of data in the /ifs/sales/MySales
directory, users can only place 500 GB in the other directories. The parent
directory cannot exceed 1 TB.

Percent-Based Advisory and Soft Limits

In OneFS 8.2.0 and later, you can view advisory and soft quota limits as a
percent of the hard quota limit.

Only advisory and soft quota limits can be defined.

A hard limit must exist to set the advisory and soft percentage.

Administrators cannot set both an absolute and a percent-based limit on a

directory.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Quota Notifications

Overview

Administrators can configure notifications to send alerts when the

provisioned storage approaches maximums enabling more storage to be
purchased as needed. Quota events can generate notifications.

Notifications can be enabled either globally or custom to a specific

enforcement quota. Notifications are sent both when a violation event
occurs or while the violation state persists on a scheduled basis.

Design Options

• Quota notifications can be configured for all threshold types in varying

frequencies (instant or ongoing). For hard and soft limits, you can
choose to send a notification when write access is denied.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

• When the limit is exceeded, based on the rule, you can create a cluster
event and email the owner or specific addresses.
• The email integrates with the provider email configuration or can be
manually mapped217.
• While SmartQuotas comes with default email message templates, you
can also create custom message templates as .txt files using
predefined variables.

Example

The Marketing team has set up an advisory quota to monitor storage

usage and plan for capacity. During normal operations, the quota is
exceeded by 20%, and a weekend cleanup is scheduled. To be on the

217 If using LDAP or Active Directory to authenticate users, the cluster

uses the user email setting that is stored within the directory. If no email
information is stored in the directory, or if a Local or NIS provider
authenticates, you must configure a mapping rule.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

safer side, the administrator wants to monitor usage so that the quota is
not exceeded by more than 60% and wants to be notified of usage daily.

An ongoing notification rule is set up for violation of an advisory limit. It is scheduled to be

sent at 12PM daily. The lead administrator and the owner of the quotas are notified. A
custom template that is designed for the marketing team is selected.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

Quota Notification Template

The graphic shows one of the available quota templates that are located in
the /etc/ifs directory.

• PAPI support218.
• OneFS 8.2 enhancements219.

Template Variables

Variable Description Example

218 PAPI supports an email ID list in the action_email_address property:

{"action_email_address": ["[email protected]","[email protected]"].
219 In OneFS 8.2.0, administrators can configure quota notification for

multiple users. The maximum size of the comma-separated email ID list is

1024 characters. The isi quota command option --action-email-address
field accepts multiple comma-separated values.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

ISI_QUOTA_DOMAIN_TYPE Quota type. Valid default-

values are: directory
directory, user,
group. default-
directory, default-
user, default-
group.

ISI_QUOTA_EXPIRATION Expiration date of Fri May 22

grace period. 14:23:19 PST
2020

ISI_QUOTA_GRACE Grace period in 5 days

days.

ISI_QUOTA_HARD_LIMIT Includes the hard You have 30

limit information MB left until
of the quota to you hit the
make hard quota
advisory/soft limit of 50 MB
email
notifications more
informational.

ISI_QUOTA_NODE Hostname of the someHost-

node on which prod-wf-1
the quota event
occurred.

ISI_QUOTA_OWNER Nmae of quota jsmith

domain owner.

ISI_QUOTA_PATH Path of quota /ifs/data

domain.

ISI_QUOTA_THRESHOLD Threshold value. 20 GB

ISI_QUOTA_TYPE Threshold type. Advisory

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

ISI_QUOTA_USAGE Disk space in 10.5 GB

use.

An email template contains variables. Any of the SmartQuotas variables

can be used in your templates.

Considerations

Listed are best practices to consider when discussing SmartQuotas.

• Too many nested quotas can limit performance.
− A single directory with overlapping quotas can also degrade
performance.
• Thin provisioning can exceed cluster capacity.
• Most customers do not include overhead and snapshots in quota limits.
• If quota limits include overhead and snapshots, you may need to set
larger quota limits.
− Cloned and deduplicated files are treated as ordinary files by
SmartQuotas.
• Test notifications to avoid surprises (i.e, incorrectly configured mail
relay).
• OneFS 8.2:

• Increased from 20,000 quota limits per cluster to 500,000 quota

limits per cluster.
• Quota notification daemon optimized to handle about 20 email
alerts per second.
• Support for the rpc.quotad service in the NFS container with
some statistics.
• If two quotas are created on the same directory, for example, an
accounting quota without Snapshots and a hard quota with Snapshots
- the quota without Snapshot data overrules the limit from the quota
with Snapshot data.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartQuotas

• SmartQuotas also provide a low impact way to provide directory file

count reports.
• You can edit or delete a quota report only when the quota is not linked
to a default quota.
• Configuration changes for linked quotas must be made on the parent
quota that the linked quota is inheriting from. Changes to the parent
quota are propagated to all children. To override configuration from the
parent quota, you must unlink the quota first.

Best Practice:
– Do not enforce quotas on file system root (/ifs).
– Do not configure quotas on SyncIQ target directories.

Activity: SmartQuotas

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: The next OneFS feature to implement is SmartQuotas.

Go to the lab and configure user, group, and directory quotas.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

Scenario

The cluster is hosting home directories for the users. Much of the data is
shared and has multiple copies. Deduplication should help address the
inefficient use of space. Describe the benefits of deduplication, explain
how deduplication works, and schedule deduplication on a directory.

SmartDedupe Overview

Information technology managers are challenged with managing explosive

data growth.

Business data is often filled with significant amounts of redundant

information.

SmartDedupe is an asynchronous batch job that identifies identical

storage blocks across the pool. The job is transparent to the user.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

An example of redundant information is whenever multiple employees

store email attachments, multiple copies of the same files are saved or
replicated. This action leads to multiple copies of the same data, which
take up valuable disk capacity. Data deduplication is a specialized data
reduction technique that allows for the reduction of duplicate copies of
data.

SmartDedupe Architecture

The SmartDedupe architecture consists of five principle modules:

Deduplication Control Path, Deduplication Job, Deduplication Engine,
Shadow Store, and Deduplication Infrastructure.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

1: The SmartDedupe control path consists of PowerScale OneFS WebUI,

CLI and RESTful PAPI, and is responsible for managing the configuration,
scheduling, and control of the deduplication job.

2: One of the most fundamental components of SmartDedupe, and

deduplication in general, is ‘fingerprinting’. In this part of the deduplication
process, unique digital signatures, or fingerprints, are calculated using the
SHA-1 hashing algorithm, one for each 8KB data block in the sampled set.

When SmartDedupe runs for the first time, it scans the dataset and
selectively samples blocks from it, creating the fingerprint index. This
index contains a sorted list of the digital fingerprints, or hashes, and their
associated blocks. Then, if they are determined to be identical, the block’s
pointer is updated to the already existing data block and the new,
duplicate data block is released.

3: Shadow stores are similar to regular files but are hidden from the file
system namespace, so cannot be accessed using a path name. A shadow
store typically grows to a maximum size of 2 GB (or about 256K blocks),
with each block able to be referenced by 32,000 files. If the reference
count limit is reached, a new block is allocated, which may or may not be

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

in the same shadow store. Also shadow stores do not reference other
shadow stores. And snapshots of shadow stores are not permitted
because the data that is stored in shadow stores cannot be overwritten.

4: The primary user facing component of PowerScale SmartDedupe is the

deduplication job. This job performs a file system tree-walk of the
configured directory, or multiple directories, hierarchy. The Job Engine
performs the control, impact management, monitoring and reporting of the
deduplication job in a similar manner to other storage management and
maintenance jobs on the cluster.

5: Architecturally, the duplication job, and supporting deduplication

infrastructure, consist of the following four phases: Sampling, Duplicate
Detection, Block Sharing, and Index Update.

SmartDedupe Considerations

The following are areas to consider for SmartDedupe:

• SmartDedupe License.220
• Best for static files and directories.221
• Post process222 - not immediate - eventual.

220 SmartDedupe is included as a core component of PowerScale OneFS

but requires a valid product license key in order to activate. This license
key can be purchased through the PowerScale account team.
221 Deduplication is most effective for static or archived files and

directories - less modified files equals less negative effect.

222 To avoid increasing write latency, deduplication is done on data-at-rest.

The data starts out at the full literal size on the drives, and might get
deduplicated hours or days later.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

• F810 and H5600 In-line data deduplication.223

• Asynchronous224 - does not block writes.
• Per disk pool.225
• File metadata is not deduplicated.226
• Encrypted, compressed, and files less than 32 KB.227
• Shadow store – 2 GB default size – up to 256,000 blocks storable.
• Replication and backup behavior.228

223 In-line data deduplication and inline data compression is supported in

the F810 and H5600 platforms in OneFS 8.2.1.
224 Deduplication does not occur across the length and breadth of the

entire cluster, but only on each disk pool individually.

225 Data that is moved between node pools may change what level of

deduplication is available. An example would be a file pool policy that

moves data from a high-performance node pool to nearline storage. The
data would no longer be available for deduplication on the high-
performance node pool but would be newly available for deduplication on
nearline storage.
226 As metadata changes often, deduplication is less effective.

227 No deduplication for encrypted, compressed, or files less that 32 KB,

because they do not provide enough storage savings benefit.

228 When deduplicated files are replicated to another PowerScale cluster

or backed up to a tape device, the deduplicated files no longer share

blocks on the target cluster or backup device. Although you can
deduplicate data on a target PowerScale cluster, you cannot deduplicate
data on an NDMP backup device. Shadow stores are not transferred to
target clusters or backup devices. Because of this, deduplicated files do
not consume less space than non deduplicated files when they are

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

• Snapshots.229
• One deduplication job runs at a time.230
− Schedule deduplication to run during the cluster’s low usage hours,
by default, the SmartDedupe job runs automatically.
− After the initial dedupe job, schedule incremental dedupe jobs to
run about every two weeks, depending on the size and rate of
change of the dataset.
− Run SmartDedupe with the default "low" impact Job Engine policy.
• Rehydrates files from shadow store.231

SmartDedupe Function

A job in the OneFS Job Engine232 runs through blocks that are saved in
every disk pool, and compares the block hash values.233

replicated or backed up. To avoid running out of space, ensure that target
clusters and tape devices have free space to store deduplicated data.
229 SmartDedupe will not deduplicate the data stored in a snapshot.

However, you can create snapshots of deduplicated data. If deduplication

is enabled on a cluster that already has a significant amount of data stored
in snapshots, it will take time before the snapshot data is affected by
deduplication. Newly created snapshots will contain deduplicated data, but
older snapshots will not.
230 Only one deduplication job can run at a time. The job uses CPU and

memory resources, and should be run at non-peak or off hour times.

231 Once a file is undeduplicated, it cannot be re-deduplicated. Before

rehydrating, ensure that sufficient cluster capacity exists to hold the

undeduplicated directory.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

1: Files greater than 32 KB

2: Compare 8 KB blocks.

3: Find matching blocks.

4: Matching blocks moved to shadow store

5: Free blocks

6: Save block references in metadata.

SmartDedupe Use Cases

Data on an enterprise cluster typically contains substantial quantities of

redundant information.

232 The job first builds an index of blocks, against which comparisons are
done in later phase, and ultimately confirmations and copies take place.
The deduplication job can be a time consuming, but because it happens
as a job the system load throttles, the impact is absolute. Administrators
find that their cluster space usage has dropped once the job completes.
233 If a match is found, and confirmed as a true copy, the block is moved to

the shadow store, and the file block references are updated in the
metadata.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

SmartDedupe is typically used in the following ways:

Use Cases Considerations

Home directories234 Compressed versus

uncompressed data

Archival files235 Unique versus replica

files

Uncompressed Rapid change versus

virtual machine near-static
images236

234 A home directory scenario where many users save copies of the same
file can offer excellent opportunities for deduplication.
235 Static, archival data is seldom changing, therefore the storage that is

saved may far outweigh the load dedupe places on a cluster.

Deduplication is more justifiable when the data is relatively static.
236 Workflows that create many copies of uncompressed virtual machine

images can benefit from deduplication. Deduplication does not work well
with compressed data, the compression process tends to rearrange data
to the point that identical files in separate archives are not identified as
such. Environments with many unique files do not duplicate each other, so
the chances of blocks being found which are identical are low.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

Important: Rapid changes in the file system tend to undo

deduplication, so that the net savings achieved at any one
time are low. If in doubt, or attempting to establish the
viability of deduplication, perform a dry run.

SmartDedupe Jobs

Because the sharing phase is the slowest deduplication phase, a dry run,
or DedupeAssessment, returns an estimate of capacity savings.

Editing the Dedupe or DedupeAssessment jobs enables the

administrator to change the Default priority, Default impact policy, and
Schedule.

1: Dedupe works on datasets which are configured at the directory level,

targeting all files and directories under each specified root directory.
Multiple directory paths can be specified as part of the overall
deduplication job configuration and scheduling.

2: The assessment enables a customer to decide if the savings that are

offered by deduplication are worth the effort, load, and cost.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

SmartDedupe Administration

The WebUI SmartDedupe management is under the File system menu

options. Enter the paths for deduplication237 from the Settings tab.

Inline Data Deduplication

Inline deduplication is asynchronous and deduplicates data before the

data is committed to disk. Deduplicating data before it is committed avoids
redundant writes to the disk. It is a cluster-wide setting and is enabled by

237Selecting specific directory gives the administrator granular control to

avoid attempting to deduplicate data where no duplicate blocks are
expected, like large collections of compressed data. Deduplicating an
entire cluster without considering the nature of the data is likely to be
inefficient.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

default in OneFS 9.4 and later. However, it is possible to pause, disable,

or reenable the feature anytime using simple commands. When enabled,
the feature is always active, applies globally, and to all files on disk pools
that support data reduction.

No license is required for inline data deduplication. Inline deduplication is

not applicable on packed small files, writes to snapshots, shadow stores,
CloudPools stub files, and files that are attributed not to be deduplicated.

Inline Data Compression

PowerScale inline compression uses a lossless algorithm238 for

compression of files so that no information is lost, and a file can easily be
decompressed to its original form. Compression algorithms identify
redundant data inside individual files and encode the redundant data more
efficiently. On the other hand, deduplication inspects data and identifies
sections, or even entire files, which are identical and replaces them with a
shared copy.

238More specifically, lossless compression reduces the number of bits in

each file by identifying and reducing or eliminating statistical redundancy.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

No license is required for inline data compression, and it is enabled by

default on supported clusters. Hardware compression and decompression
are performed in parallel across the 40Gb Ethernet interfaces of supported
nodes as clients read and write data to the cluster.

Considerations and Best Practices

Considerations

• Compressed and deduplicated data does not exit the file system as
compressed or deduplicated in any form.
• There is no OneFS WebUI support for inline data reduction.
Configuration and management are through the CLI only.
• Since data reduction extends the capacity of a cluster, it also has the
effect of reducing the per-TB compute resource ratio (CPU, memory,
I/O). Hence, it is less suited for heavily accessed data, or high-
performance workloads.
• Depending on an application’s I/O profile and the effect of data
reduction on the data layout, read and write performance and overall
space savings can vary considerably.
• SmartDedupe does not attempt to deduplicate files smaller than 32 KB
whereas inline deduplication has no limit on file size.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartDedupe

Best Practices

• Run the assessment tool on a subset of the data to be compressed or

deduplicated.
• In general, additional capacity savings may not warrant the overhead
of running SmartDedupe on node pools with inline deduplication
enabled.
• Data reduction can be disabled on a cluster if the overhead of
compression and deduplication is considered too high or performance
is impacted, or both.
• Run the deduplication assessment job on a single root directory at a
time. If multiple directory paths are assessed in the same job, you
cannot determine which directory should be deduplicated.
• Avoid adding more than ten subdirectory paths to the SmartDedupe
configuration policy.
• Schedule deduplication to run during the cluster’s low-usage hours
(overnight, weekends, and so on).

Go to: For more information about the PowerScale data

reduction features, see the Dell PowerScale OneFS: Data
Reduction and Storage Efficiency white paper.

Activity: SmartDedupe

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Run deduplication assessment, run deduplication, and

view reports.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Scenario

There is a need to use snapshots to give users the ability to recover files.
Describe snapshot behavior, identify snapshot types, and configure and
manage snapshot functionality.

SnapshotIQ Overview

SnapshotIQ snapshots are logical pointers to data stored on a cluster at a

specific point in time.

If you modify a file and determine that the changes are unwanted, you can
copy or restore the file from the earlier file version.

Snapshots can be used to stage content to export and ensure that a

consistent point-in-time copy of the data is replicated or backed up.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Important: A SnapshotIQ license239 is not required for all

snapshot functions.

239Some applications, such as SyncIQ and InsightIQ, must generate

snapshots to function, but do not require an active SnapshotIQ license. By
default, these snapshots are automatically deleted when OneFS no longer
needs them. However, if you activate a SnapshotIQ license, you can
retain these snapshots. Snapshots generated by other modules can still
be viewed without a SnapshotIQ license. Note that clones can be created
on the cluster using the "cp" command, which does not require a
SnapshotIQ license.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Snapshot Operations

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Snapshot create: Snapshots are created almost instantaneously

regardless of the size240 of the file or directory.

Snapshot growth: The data is modified, and only the changed data
blocks are contained241 in snapshots.

Snapshot consumption: A snapshot consumes242 only the necessary

space to restore the files contained in the snapshot.

Copy on Write and Redirect on Write

OneFS uses both Copy on Write, or CoW and Redirect on Write, or, RoW.

SnapshotIQ uses both copy on write (CoW) and redirect on write (RoW)
strategies for its differential snapshots and uses the most appropriate
method for a given situation. Both have pros and cons, and OneFS

240 A snapshot is not a copy of the original data, but only an extra set of
pointers to the original data. At the time it is created, a snapshot
consumes a negligible amount of storage space on the cluster. The
original file references the snapshots.
241 If data is modified on the cluster (Block D’ in the graphic), only one

copy of the changed data is made. With CoW the original block (Block D)
is copied to the snapshot. The snapshot maintains a pointer to the data
that existed at the time that the snapshot was created.
242 Snapshots do not consume a set amount of storage space, there is no

requirement to pre-allocate space for creating a snapshot. If the files that a

snapshot contains have not been modified, the snapshot consumes no
additional storage space on the cluster. The amount of disk space that a
snapshot consumes depends on the amount of data that is stored by the
snapshot and the amount of data the snapshot references from other
snapshots.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

dynamically picks which flavor to use in order to maximize performance

and keep overhead to a minimum. With copy on write, as the name
suggests, a new write to HEAD results in the old blocks being copied out
to the snapshot version first. Although this incurs a double write penalty, it
results in less fragmentation of the HEAD file, which is better for cache
prefetch. Typically, CoW is most prevalent in OneFS and is primarily used
for minor changes, inodes, and directories. Redirect on write, on the other
hand, avoids the double write penalty by writing changes to a snapshot
protected file directly to another free area of the file system. However, the
flip side to this is increased file fragmentation. Since file contiguity is not
maintained by virtue of writing changes to other file system regions, RoW
in OneFS is used for more substantial changes such as deletes and large
sequential writes.

Ordered and Unordered Deletions

An ordered deletion is the deletion of the oldest snapshot of a directory.

Ordered deletion is recommended for datasets with a lower rate of
change.

An unordered deletion is the deletion of a snapshot that is not the oldest

snapshot of a directory. For more active data, the configuration and
monitoring overhead is slightly higher, but fewer snapshots are retained.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

The benefits of unordered deletions that are compared with ordered

deletions depend on how often the snapshots that reference the data are
modified. If the data is modified frequently, unordered deletions save
space. However, if data remains unmodified, unordered deletions are not
likely to save space, and it is recommended that you perform ordered
deletions to free cluster resources.

In the graphic, /ifs/org/dir2 two has two snapshot schedules. If the

retention period on schedule 1 is longer than the retention period on
schedule 2, the snapshots for the directory are deleted out of order.
Unordered deletions can take twice as long to complete and consume
more cluster resources than ordered deletions. However, unordered
deletions can save space by retaining a smaller total number of blocks in
snapshots.

Creating Snapshots

Select each numbered icon to learn how to create a Snapshot.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

1: Click Data Protection > SnapshotIQ > Snapshots

2: Click Create a Snapshot. The Create a Snapshot dialog box appears.

3: Optional: In the Snapshot Name field, type a name for the snapshot.

4: In the Path field, specify the directory that you want the snapshot to
contain.

5: Optional: To create an alternative name for the snapshot, select Create

a snapshot alias, and then type the alias name.

6: Optional: To assign a time when OneFS automatically deletes the

snapshot, specify an expiration period.

• Select Snapshot Expires on.

• In the calendar, specify the day that you want the snapshot to be
automatically deleted.

7: Click Create Snapshot.

Snapshots are created by configuring a snapshot schedule or manually

generating an individual snapshot.

• Creating more than one snapshot per directory is advantageous.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

• Use shorter expiration periods243.

• Using the isi snapshot list | wc –l command to check the
available snapshots.

Accessing Snapshot Files

OneFS tracks snapshots in the .snapshot directory.

Snapshot location

Snapshot files are in two places.

• Snapshots are within the path that is snapped244.

• It is possible to view the .snapshot files at the root of the /ifs245
directory.
• With SmartPools, snapshots can physically reside on a different
storage tier than the original data.

243 Use shorter expiration periods for snapshots that are generated more
frequently, and longer expiration periods for snapshots that are generated
less frequently.
244 For example, if snapping a directory located at

/ifs/edu/students/name1, view the hidden .snapshot directory using the

CLI or Windows Explorer. The path would look like
/ifs/edu/students/name1/.snapshot.
245 From /ifs all the .snapshots on the system can be accessed, but users

can only open the .snapshot directories for which they already have
permissions. Without access rights users cannot open or view any
.snapshot file for any directory.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Accessing snapshots

There are two paths to access snapshots.

• Access through the /ifs/.snapshot246 directory.

• Access the .snapshot directory in the path247 where the snapshot was
taken.

Preserving Permissions

Snapshots can be taken at any point in the directory tree. Each

department or user can have their own snapshot schedule.

The snapshot preserves248 the file and directory permissions at that point
in time of the snapshot.

246 This is a virtual directory where all the snaps listed for the entire cluster
are stored.
247 To view the snapshots on /ifs/eng/media, user can change directory

(cd) to /ifs/eng/media and access /.snapshot

248 The snapshot owns the changed blocks and the file system owns the

new blocks. If the permissions or owner of the current file is changed, it

does not affect the permissions or owner of the snapshot version.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Restoring Snapshots

If data is accidentally erased, lost, corrupted, or compromised, clients can

restore the data from the snapshot.

Restore Theory

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

The graphic shows a simple example of CoW.

For example, a directory has writes and snapshots at different times:

• Time 1: A,B,C,D are preserved in Snapshot Time 1.
• Time 2: A,B,C,D’ are preserved in Snapshot Time 2.

More data is written into the directory:

• Time 3: A’,B,C,D’
• Time 4: A’,B,C,D’, E

Since no snapshot is taken after Time 2, data corruption to A’ or E is not

restorable from a snapshot.

QUESTION: What happens when the user wants to recover block A data
that was overwritten in Time 3 with A’?

A backup snapshot is automatically created before copying A back to the

directory.

Restore from Windows

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Clients with Windows Shadow Copy Client can restore the data from the
snapshot.

Restore from NFS Host

Clients accessing the export over NFS can navigate using the .snapshot
directory.

To recover a deleted file, right-click the folder that previously contained the
file, click Restore Previous Version, and select the required file to recover.
To restore a corrupted or overwritten file, right-click the file itself, instead
of the folder that contains the file, and then click Restore Previous
Version.

No additional storage is consumed, and the restore is instant when

restoring the production file from a snap using RoW. Snapshot Time 2 has
preserved A. A backup snapshot is automatically created before copying A
back to the file system. The backup is a failback or safety mechanism
should the restore from the snap be unacceptable and the user wants to
revert to A’.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Writable Snapshots

Writable snapshots enable the creation of space-efficient, modifiable

copies of a source snapshot. The source snapshot remains read-only. You
can use writable snapshots for tasks such as testing data recovery
scenarios and quality assurance.

The source snapshot and its writable copy must reside in a directory in the
/ifs file system. The writable snapshots feature creates a directory quota
on the root of the writable snapshot that monitors its space usage.

Considerations

The following restrictions apply to writable snapshots:

• Writable snapshots cannot be cloud-based.

• It is not possible to use compression, deduplication, inline data
compression, file clones, or use small file packing with writable
snapshots.
• It is not possible to make a snapshot of a writable snapshot.
• Writable snapshots do not support Write Once - Read Many (WORM).
• Do not use SyncIQ snapshots or snapshots named SIQ-* as source
snapshots.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

• Hard links to files within the domain of the writable snapshot cannot be
created from outside the writable snapshot domain.
• Files that reside in the writable snapshot domain cannot be renamed
from outside that writable snapshot domain.

Deep Dive: See the Dell PowerScale OneFS: Writable

Snapshots whitepaper to learn more.

SnapshotIQ Considerations

Listed are areas to consider when discussing snapshots.

• Always set expiration to prevent snaps filling the cluster to capacity.

• Total cluster snap limit: 20,000 - best practice is a 1000 limit per
directory.
• Run concurrent schedules with different frequencies/expiration.
• SnapshotDelete job must run to completion.
• Manual snapshot deletion is not recommended – set up to expire when
created.
• Deleting snapshots out of order may cause newer snapshots, which
are dependent on data that is being removed to have to copy the
blocks before deletion.
• Backup, SyncIQ, Clones, File System Analytics use snapshots – no
license required.
• Use aliases - alias names use most recent version of snapshot and
eases readability for application restores.

Activity: SnapshotIQ

The web version of this content contains an interactive activity.

Dell Technologies PowerScale Administration - On Demand-SSP

SnapshotIQ

Challenge

Lab Assignment: Create a snapshot schedule, create snapshots, and

use a snapshot to restore data.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Scenario

SyncIQ is a data protection feature of PowerScale OneFS . Investigate the

feature and justify how it can make the storage environment more
efficient. Describe SyncIQ in detail and configure a SyncIQ policy.

SyncIQ Overview Video

SyncIQ delivers unique, highly parallel replication performance that scales

with the dataset to provide disaster recovery. The video provides an
overview of SyncIQ. See the student guide for a transcript or download
from the player.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

The SyncIQ topic covers a foundation for SyncIQ. The

PowerScale Advanced Administration course provides a more
in-depth examination of SyncIQ.

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays an older version

of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=OZC9t92nwmWVLWNjfT/+5w=
=&attachments=true&autoplay=true

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Shown is a cluster with the source directory using SyncIQ to replicate data
to a remote target directory. OneFS SyncIQ uses asynchronous
replication, enabling you to maintain a consistent backup copy of your
data on another Isilon cluster. Asynchronous replication is similar to an
asynchronous file write.

The target system passively acknowledges receipt of the data and returns
an ACK once the target receives the entire file or update. Then the data is
passively written to the target. SyncIQ enables you to replicate data from
one PowerScale cluster to another. Activate a SyncIQ license on both the
primary and the secondary Isilon clusters before replicating data between
them. You can replicate data at the directory level while optionally
excluding specific files and sub-directories from being replicated.

SyncIQ creates and references snapshots to replicate a consistent point-

in-time image of a SyncIQ domain. The SyncIQ domain is the root of the
replication, such as /ifs/finance. Metadata, such as ACLs and alternate
data streams are replicated along with data. SyncIQ offers automated
failover and failback capabilities. If a primary cluster becomes unavailable,
failover and failback enable continued operations on another Isilon cluster.
In SyncIQ, an administrator creates and then starts the replication policy.
A policy is like an invoice list of what should get replicated and how. A
SyncIQ job does the work of replicating the data. OneFS 8.2.0 and later
supports over-the-wire encryption to protect against man-in-the-middle
attacks, making data transfer between OneFS clusters secure.

SyncIQ Deployment Topology

Meeting and exceeding the data replication governance requirements of

an organization are critical for an IT administration. SyncIQ exceeds these
requirements by providing an array of configuration options, ensuring
administrators have flexible options to satisfy all workflows with simplicity.

Under each deployment, the configuration could be for the entire cluster or
a specified source directory. Also, the deployment could have a single
policy that is configured between the clusters or several policies, each with
different options aligning to RPO and RTO requirements.

Select the tabs to know more about each type of deployment Typologies.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

One-to-one

In the most common deployment scenario of SyncIQ, data replication is

configured between a single source and single target cluster as illustrated
in the graphic below.

One-to-many

SyncIQ supports data replication from a single source cluster to many

target clusters, allowing the same dataset to exist in multiple locations, as
illustrated in the graphic below. A one-to-many deployment could also be
referenced as a hub-and-spoke deployment, with a central source cluster
as the hub and each remote location representing a spoke.

Many-to-one

The many-to-one deployment topology is the flipped version of the one-to-

many explained in the previous section. Several source clusters replicate
to a single target cluster as illustrated in the graphic below. The many-to-
one topology may also be referred to as a hub-and-spoke configuration.
However, in this case, the target cluster is the hub, and the spokes are
source clusters.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Local Target

A local target deployment allows a single PowerScale cluster to replicate

within itself providing the SyncIQ powerful configuration options in a local
cluster as illustrated in the graphic below. If a local target deployment is
used for disaster readiness or archiving options, the cluster protection
scheme and storage pools must be considered.

Cascaded

A cascaded deployment combines the previous deployments. It allows a

primary cluster to replicate to a secondary location, next to a tertiary
location, and so on as illustrated in the graphic below. Each cluster
replicates to a next in chain.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

SyncIQ Considerations and Limits

Considerations

Listed are areas to consider when configuring SyncIQ:

• Do not configure the /ifs directory as a SyncIQ domain.
• SyncIQ runs as jobs under its own Job Engine249.
• Can perform semi-automated250 failovers and failbacks.

Capabilities

The various capabilities of SyncIQ are:

• Stop a failover in progress and revert251.

• Source and target snapshots252.

249 The SyncIQ Job Engine is separate from the cluster maintenance
activity Job Engine in OneFS. SyncIQ runs based on SyncIQ policies that
you can schedule or run as required manually.
250 Semi-automated failovers from source to target, and semi-automated

failback from target to original source. Failover and failback only include
the cluster preparation activities and do not include DNS changes, client
redirection or any required networking changes.
251 The semi-automated failover process preserves the synchronization

relationships between the source and target clusters. SyncIQ is RBAC

ready, enabling you to configure administration roles. For organizations
automating processes, PAPI integration is available.
252 The SyncIQ process uses snapshots on both the source and target

snapshots. No SnapshotIQ license is required for basic SyncIQ snapshots

on either the source or target clusters. These snapshots are only used for

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

• Maximum transmission units.253

• Import snapshots254.
• OneFS 8.2 and later provides over-the-wire encryption255 and
bandwidth reservation256 at a policy level.

Limitations

The limitations of SyncIQ are:

• SyncIQ does not offer high availability (HA)257.

SyncIQ jobs. SyncIQ snapshots are single-instance snapshots and OneFS

only retains the latest or last-known good version.
253 SyncIQ can support larger maximum transmission units or MTU over

the LAN or WAN. SyncIQ supports auto-negotiation of MTU sizes over

WAN connections. The MTU across the network is negotiated by the
network.
254 SyncIQ has the capability to import manually taken snapshots to use

as the point-in-time reference for synchronization consistency. You can

add new nodes while a sync job runs. There is no requirement to stop the
sync job before adding new nodes. Functionality enables the ability to
create a point-in-time report showing the SyncIQ worker activity.
255 In-flight encryption makes data transfer between OneFS clusters

secure. The function benefits customers who undergo regular security

audits and/or government regulations.
256 The SyncIQ bandwidth setting at the global level splits the bandwidth

reservation evenly among all policies. Using the CLI, you can make
bandwidth reservations for individual policies.
257 The target cluster contains a copy of the source data synchronized on

a schedule. The implementation is active on the source cluster with a

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

• Discourage a complete failover and failback test258.

• Failover not needed for data retrieval259.
• Scheduling options260.

Compatibility

The table shows the versions of OneFS you can synchronize using
SyncIQ. Target cluster running OneFS 7.1.x version of OneFS is no longer
supported. For information about the support and service life-cycle dates
for hardware and software products, see the Isilon Product Availability
Guide.

read-only copy on the secondary cluster. It is used for disaster recovery or

to maintain a second copy of the data only.
258 Performing a complete failover and failback test on a monthly or

quarterly basis is discouraged. Perform failover testing if quiescing writes

to the source (prevent changing the data) and all SyncIQ policies are
successfully run a final time to assure complete synchronization between
source and target. Failing to perform a final synchronization can lead to
data loss.
259 Retrieving a copy of the data from the target cluster does not require a

failover. The target is a read-only copy of the data. Perform a copy

operation to make a copy of the read-only data on the target cluster to a
location outside of the SyncIQ domain on the target, or to a location on the
source cluster, or to the client.
260 The 'Whenever the source is modified' option is not for continuous

replication. OneFS does not offer a continuous replication option. This

option is for specific workflows that have infrequent updates and require
distribution of the information as soon as possible.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Source Target Cluster OneFS Version

Cluster
OneFS 7.2.x 8.x and 9.0 8.2.2 and 9.1.x - 9.5.x
Version 9.0 with 16
TiB Feature

7.2.x Yes Yes No Yes

8.x and 9.0 Yes Yes No Yes

8.2.2 and No No Yes Yes

9.0 with 16
TiB Feature

9.1.x - 9.5.x No Yes Yes Yes

CloudPools

SyncIQ can synchronize CloudPools data from the CloudPools aware

source cluster to a PowerScale target cluster.

SyncIQ provides data protection for CloudPools data and provides failover
and failback capabilities.

SyncIQ uses the CloudPools API tools to enable support.

The processes and capabilities of SyncIQ are based on the OneFS

version relationship between the source cluster and the target cluster. This
relationship determines the capabilities and behaviors available for
SyncIQ policy replication.

Important: Shares, exports, cluster configuration,

networking info, metadata, licenses, etc. are not replicated.
Employing tools such as isi backup, application such as
Superna Eyeglass, or a PS engagement are often required
to implement a complex solution.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

SyncIQ Administrative Functions

Select each tab for an overview of each SyncIQ function.

Failover

Failover is the process of changing the role of the target replication

directories into the role of the source directories for assuming client read,
write, and modify data activities.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Failback

A failback261 is the process of restoring the source-to-target cluster

relationship to the original operations where client activity is again on the
source cluster.

Like failover, failback must be performed on a per policy basis. The user
must make the same network changes to restore access to direct clients
to the source cluster.

The example shows a failback where the client accesses source data.

261 A failback can happen when the primary cluster is available once again
for client activities. The reason could be from any number of
circumstances including the natural disasters are no longer impacting
operations, or site communication or power outages have been restored to
normal. You must failback each SyncIQ policy.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Failback Preparation

To initiate a failback, the Resync-prep option is used. Resync-prep creates

a mirror policy for the replication policy on the primary cluster and
secondary cluster.

Resync-prep prepares the source cluster to receive the changes made to

the data on the target cluster.

The mirror policy is placed under Data Protection > SyncIQ > Local
Targets on the primary cluster. On the secondary cluster, the mirror policy
is placed under Data Protection > SyncIQ > Policies.

Failover Revert

A failover revert undoes a failover job in process262. Use revert before

writes occur263 on the target.

262Failover revert stops the failover job and restores the cluster to a sync
ready state. Failover reverts enables replication to the target cluster to
once again continue without performing a failback.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

263Use revert if the primary cluster once again becomes available before
any writes happen to the target. A temporary communications outage or if
doing a failover test scenario are typical use cases for a revert.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

SyncIQ Replication Policies

SyncIQ policies264 govern data replication.

A SyncIQ policy specifies the clusters265 that are replicating.

SyncIQ jobs do the work266.

264 You create and start replication policies on the primary cluster. A policy
specifies what data is replicated, where the data is replicated to, and how
often the data is replicated.
265 The primary cluster holds the source root directory, and the secondary

cluster holds the target directory. There are some management

capabilities for the policy on both the primary and secondary clusters,
though most of the options are on the primary.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Creating the SyncIQ Policy

The panels describe the files for creating the SyncIQ policy. Refer to the
student guide for more information.

Settings

Creating a SyncIQ policy is done of the Data protection > SyncIQ >
Policies page or using the isi sync policy create command.

Source Cluster - Directories

The Source root directory is the SyncIQ domain.

266SyncIQ jobs are the operations that do the work of moving the data
from one PowerScale cluster to another. SyncIQ generates these jobs
according to replication policies.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Target Cluster

The target cluster identification is required for each policy.

Advanced

The final segment of the policy creation are the advanced fields.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Settings: In the Settings section, assign a unique name to the policy.

Optionally you can add a description of the policy. The Enable this policy
box is checked by default. If you cleared the box, it would disable the
policy and stop the policy from running. Next designate whether a Copy
policy or a Synchronize policy. The replication policy can be started using
one of four different run job options: Manually, on a Schedule, Whenever
the source is modified, or whenever a snapshot of the source directory is
taken.

Source cluster directories: In the Source Cluster criteria, the Source root
directory is the SyncIQ domain. The path has the data that you want to
protect by replicating it to the target directory on the secondary cluster.
Unless otherwise filtered, everything in the directory structure from the
source root directory and below replicates to the target directory on the
secondary cluster.

Includes and excludes: The Included directories field permits adding one
or more directory paths below the root to include in the replication. Once
an include path is listed that means that only paths listed in the include
path replicate to the target. Without include paths all directories below the
root are included. The Excluded directories field lists directories below the
root you want explicitly excluded from the replication process. You cannot
fail back replication policies that specify includes or exclude settings. The
DomainMark job does not work for policies with subdrectories mentioned
in Include or Exclude. Using includes or excludes for directory paths does
not affect performance.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

File matching criteria: The File matching criteria enables the creation of
one or more rules to filter which files do and do not get replicated.
Creating multiple rules connect them together with Boolean AND or OR
statements. When adding a new filter rule, click either the Add an “And”
condition or Add an “Or” condition links. File matching criteria says that if
the file matches these rules then replicate it. If the criteria does not match
the rules, do not replicate the file.

Target: Snapshots are used on the target directory to retain one or more
consistent recover points for the replication data. You can specify if and
how these snapshots generate. To retain the snapshots SyncIQ takes,
select Enable capture of snapshots on the target cluster. SyncIQ always
retains one snapshot of the most recently replicated delta set on the
secondary cluster to facilitate failover, regardless of this setting. Enabling
capture snapshots retains snapshots beyond the time period that is
needed for SyncIQ. The snapshots provide more recover points on the
secondary cluster.

Advanced: The Priority field in the Advanced settings section enables

policies to be prioritized. If more than 50 concurrent SyncIQ policies are
running at a time, policies with a higher priority take precedent over
normal policies. If the SyncIQ replication is intended for failover and
failback disaster recovery scenarios, selecting Prepare policy for
accelerated failback performance prepares the DomainMark for the
failback performance. The original source SyncIQ domain requires a
DomainMark. Running a DomainMark during the failback process can take
a long time to complete. You can retain SyncIQ job reports for a specified
time. With an increased number of SyncIQ jobs in OneFS 8.0, the report
retention period could be an important consideration. If tracking file and
directory deletions that are performed during synchronization on the
target, you can select to Record deletions on synchronization.

Deep copy: The Deep copy for CloudPools setting applies to those
policies that have files in a CloudPools target. Deny is the default. Deny
enables only stub file replication. The source and target clusters must be
at least OneFS 8.0 to support Deny/ Allow the SyncIQ policy to determine
if a deep copy should be performed. Force automatically enforces a deep
copy for all CloudPools data that are contained within the SyncIQ domain.
Allow or Force are required for target clusters that are not CloudPools
aware.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Copy vs Synchronize Policies

A SyncIQ policy can copy or synchronize source data to meet

organizational goals. When creating a SyncIQ policy, choose a replication
type of either sync267 or copy268.

Copy Policy Synchronize Policy

• Goal - retain deleted data. • Goal - source cluster protection.

• Makes a one time full copy of • Makes a one time full copy of the
the source directory to the source directory to the target
target directory. directory.
• Runs manually. • Continues to make incremental
copies of the changes in the source
• Copy retains deleted source
directory to the target directory.
data on target.
• Removes deleted source data on
• Files that are deleted from
target.
source are not deleted from
target. • Files that are deleted from source
are deleted from target.
• Not secure file retention -
SmartLock. • No file deletion protection.

267 If a mirrored copy of the source is the goal, create a sync policy.
268 If the goal is to have all source data that is copied and to retain deleted

file copies, then create a copy policy.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

Tip: It is possible to always license SnapshotIQ on the

target cluster and retain historic SyncIQ associated
snapshots to aid in file deletion and change protection.

SyncIQ Configuration Video

The video details a basic SyncIQ use case, configuring replication

between two clusters. See the student guide for a transcript or download a
copy from the player.

Movie:

The web version of this content contains a movie.

Important: The video demonstration displays an older version

of the OneFS UI. The new OneFS 9.5 version has UI
changes, but the functionality of all elements remains the
same.

Link:
https://edutube.dell.com/Player.aspx?vno=6cyyA4XvBqkyHJwXs6ltdg==&
attachments=true&autoplay=true

This demonstration walks through the steps to configure an eye salon

sync IQ replication job for disaster recovery. The demonstration highlights
four areas. Creating the sync IQ policy. Starting the replication job.
Performing a failover and performing a failback. Before beginning with the
configuration shown, here is a simple topology. The configuration will
address. The Boston Cluster is to sync IQ source and the Seattle cluster is
to sync IQ target.

Let's begin at our host. Here I have the browser open and noticed I am
connected to both the Boston Cluster and the Seattle Cluster. The
directory that I will replicate are the user home directories.

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

For this demonstration, note that I also have the share from the Seattle
cluster map to the host. The Seattle cluster is configured with identical
access zones and naming structure. Both clusters have sync IQ licensed.
I'll go to the sync IQ page on the source cluster, mouseover data
protection, select SYNC IQ, and then the policies tab.

Next select create sync policy. All the fields are explained in detail in the
eye Salon disaster recovery training course and the eye salon. One FS
Web administration guide. For the demonstration, I am keeping the
configuration very simple. The policy name is Boston to Seattle holders.
The type of replication will be synchronized. The job type is manual. Slash
IF slash home slash DES is to syncIQ domain.

Down in the Target Field, the target host is Seattle DES Lab and the
Target directory is slash F slash home slash DES. Click on create policy.
That's it for a very basic policy before moving on, let's take a look at an
assessment to validate the process. Select assess sync. Now go to the
reports tab and view the assessment. We can also navigate to the Seattle
Cluster Data Protection SYNC IQ page on the local targets tab to view the
policy target.

Now let's start the job. This is done on the source cluster. Here we are on
the sync IQ page policies tab. In the actions column for a job, select start
job. Next, we'll go to the summary tab and verify the job status is running
for demonstration purposes. There are only a few files to replicate and the
initial replication should complete fairly quickly. My host has both the
source and target directories map.

Here we can see the animation directory has replicated to the target
cluster. This directory is read only and if I go into the animation directory
and try to write, I'll get an error. Back in the source directory, I am able to
write data. Here I'm just doing a copy and paste of one of the files.

Next, let's failover to the Seattle cluster. First, I'll stop writes to the cluster
by disabling SMB services. This may not be practical in a real environment
where you may want read and write access to other workflows. Our sync
IQ policy is already set to manual. If the policy is not set to manual, we
would modify the sync IQ policy to manual at this time. A failover is done
on the target cluster will go to the Seattle Cluster Sync IQ page and local
targets tab. On the policy to fail over, I'll choose allow rights. In a real

Dell Technologies PowerScale Administration - On Demand-SSP

SyncIQ

environment, the users will be redirected to the Seattle cluster for

demonstration purposes. I'm not making any DNS changes. Since my host
can already access to target, I will verify write access to the target by
copying data to the share. We have created the policy, started a job and
failed over.

Now let's failback to put the cluster back in a normal state. On the Boston
Cluster Sync IQ page policies tab, I'll select Resync prep. Next on the
target cluster SYNC IQ page policies tab of verify the mirror policy is
created. Let's go ahead and stop writes to the secondary cluster. Undo
this by disabling the SMB service. Back on the Sync IQ page, I will start
job on the mirror policy. The summary tab will show the active jobs. Now
go to the source cluster sync IQ page, local targets tab and verify the
status is finished. And then select allow rights. This puts the target cluster
back to a readonly state. Next, go to the target cluster Sync IQ page
policies tab and on the mirror policy, select Resync Prep. On both the
source and target clusters, I'll re-enable the SMB service.

And then verify I have write access on the animation directory. We

covered creating a sync IQ policy, starting the replication job, failing over,
and failing back. This concludes the demonstration.

Activity: SyncIQ

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Configure a SyncIQ policy.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartSync

Smartsync Overview

PowerScale OneFS provides OneFS Datamover (also called SmartSync)

which enables you to transfer data between PowerScale clusters and S3
object stores (ECS, AWS) using the Datamover269 transfer engine that is
embedded in OneFS. SmartSync replicates file-to-file data between
PowerScale clusters.

Datamover provides the following primary functions:

• Data protection
• Data repurposing (copy)
• Data archive

269

Dell Technologies PowerScale Administration - On Demand-SSP

SmartSync

Following are a few differences between SyncIQ and Datamover

(SmartSync):

• Datamover has faster data transfers than SyncIQ.

• Datamover provides Scalable run-time engine.
• The multiple target destinations allow administrators to store multiple
copies of a dataset across locations and manage replication topologies
with ease.
• SmartSync introduces child-parent relationships to launch a data
replication job only after the snapshot creation completes.

Deep Dive: For more information about SmartSync, see the

Dell PowerScale SmartSync white paper to learn more.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

Scenario

A directory that has WORM protection is needed. It is not required to

follow SEC 17a-4 rules. How can this be set up? Describe SmartLock, the
types of SmartLock operations, and configure SmartLock.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

SmartLock Overview

SmartLock is a licensed software application that enables cost-effective

and efficient protection against accidental, premature, or malicious
deletion or modification of data.
• WORM270
• SyncIQ integration271
• OneFS data services integration272

270 OneFS assigns SmartLock domains to WORM directories to prevent

modifying or deleting committed files. A SmartLock domain is
automatically created when creating a SmartLock directory.
271 SmartLock integrates with SyncIQ to provide failover capabilities and

retention on the SyncIQ source and target.

272 SmartLock seamlessly integrates with OneFS core capabilities and

add-on software for snapshots, replication, provisioning, backup and

restore, virtual environments and other key functions.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

SmartLock Concepts

Before configuring SmartLock on a cluster, you must familiarize yourself

with a few concepts to fully understand the SmartLock requirements and
capabilities.

• Retention Period
• Compliance
• WORM

SmartLock Operating Modes

There are two SmartLock operation modes available to the cluster:

SmartLock compliance mode273 and SmartLock enterprise mode274.

Before creating SmartLock directories, you must activate a SmartLock

license on the cluster.

Compliance Enterprise

Only use if SEC 17a-4 must be Does not restrict cluster to follow
followed. SEC 17a-4 rules.

Configured during initial cluster Data is not modified until retention

install. dates have passed.

273 Compliance directories can be created only if the cluster has been
upgraded to SmartLock compliance mode.
274 SmartLock enterprise mode is the default SmartLock operation mode.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

Root is disabled - must use References system clock.

compadmin account.

Admin tasks using sudo command.

References nonchangeable *Privilege deletes can be enabled.

Compliance Mode clock.

No option for privilege deletes.

* If you own a file and have the

ISI_PRIV_IFS_WORM_DELETE privilege or are logged in
through the root user account, you can delete the file before
the retention period passes through the privileged delete
feature. The privileged delete feature is not available for
compliance directories.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

SmartLock Directory Types

1: OneFS supports standard non-WORM directories on the same cluster

with SmartLock directories.

2: Enterprise SmartLock directories are data retention directories that do

not meet SEC regulatory compliance requirements. Enterprise directories
are the most commonly used directories in a SmartLock configuration.
Enterprise SmartLock directories enable administrators or RBAC enabled
users the ability to delete files, which are known as privileged deletes. You
can enable or turn on, temporarily disable or turn off, or permanently
disable privileged deletes. The Enterprise directory may be fully populated
with data or empty when creating or modifying.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

3: Compliance SmartLock directories are data retention directories that

meet SEC regulatory compliance requirements. Set up the cluster in
Compliance mode to support Compliance SmartLock directories.

When using SmartLock, there are two types of directories: enterprise and
compliance. A third type of directory is a standard or non-WORM275
directory.

You can upgrade276 an empty Enterprise SmartLock directory to a

Compliance SmartLock directory.

If using the compliance clock, you must copy data into the Compliance
SmartLock directory structure before committing the data to a WORM
state.

SmartLock Configuration

In this use case, the administrator wants to create a WORM directory

where files are locked down for a month. Once moved into the folder, the
files are committed to WORM.

275 OneFS supports standard non-WORM directories on the same cluster

with SmartLock directories.
276 When you upgrade, privileged deletes are disabled permanently and

cannot be changed back.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

1: Setting to "On" enables the root user to delete files that are currently
committed to a WORM state.

2: Setting the SmartLock domain.

3: The default retention period is assigned when committing a file to a

WORM state without specifying a day to release the file from the WORM
state.

4: The minimum retention period ensures that files are retained in a

WORM state for at least the specified period of time. The maximum
retention period ensures that files are not retained in a WORM state for
more than the specified period of time.

5: After a specified period, a file that has not been modified is committed
to a WORM state.

6: Files committed to a WORM state are not released from a WORM state
until after the specified date, regardless of the retention period.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

SmartLock CLI Example

Use case:
• The administrator requires a WORM directory where files are in a
WORM state for at least 30 days and are removed from the WORM
state after 60 days.
• The default retention is 60 days.
• Set minimum and maximum retention dates.

CLI:

# isi worm domains create

/ifs/finance/freeze_file -d use_max -m 30D -x 60D
--mkdir
o -d use_max uses the maximum retention as the default
retention.
o --mkdir creates the directory since it does not exist.
o Duration syntax is in the format YMWDhms.
Use the isi worm domains view command to verify the settings.

Committing Files to WORM

For a file to have a file retention date applied, and set to a read-only state,
you must commit the file to WORM.

Until the files are committed to WORM, files that are in a SmartLock
directory act as standard files that you can move, modify, or delete.

You can commit files manually or by using autocommit.

Manual Commit Autocommit Period

First set the retention date on the file, then Set per SmartLock domain.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

commit the file to WORM. Sets a time period from

when the file was last
modified on a directory.

Commit files to WORM state using Windows After the time period
controls or UNIX commands. expires, the file is
Example: # chmod ugo-w automatically committed to
/ifs/finance/worm/JulyPayroll. WORM.
xls

SmartLock Considerations

Listed are areas to consider when discussing SmartLock.

• Retention settings apply to enterprise and compliance - explicit,
default, minimum, and maximum, retention date override.
• The system clock is the standard cluster time clock that is used for
non-WORM directories and Enterprise SmartLock directories.
• The compliance clock is used for Compliance SmartLock directories
only. Set it one time. The clock slowly drifts towards system clock (can
drift up to 14 days per year).
• Use compliance mode clusters only to meet the needs for regulatory
requirements.
• Root user is disabled on Compliance Mode cluster - use compadmin
to manage the cluster.
• No auto-delete of files - files past the retention period must be
identified.
• Limited search capability for expired files - individually test each file.
• You can use the isi worm files viewcommand to verify the
retention status for any file.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

• Do not use rm -rf . The command option r deletes all files and
directories recursively, and option f avoids prompting before deleting.
• In OneFS versions later than OneFS 8.0.1, SyncIQ failback is
supported on SmartLock directories.

Activity: SmartLock

The web version of this content contains an interactive activity.

Challenge

Lab Assignment: Configure WORM on a directory.

Dell Technologies PowerScale Administration - On Demand-SSP

Monitoring Administration

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock

Monitoring Administration

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

Scenario

Now, the task is to create a HealthCheck evaluation and schedule,

analyze the health of the cluster, and run periodic checks on different
OneFS services. A good habit is to create periodic health reports on a
weekly basis.

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

HealthCheck Overview

WebUI, Cluster management > HealthCheck page.

The OneFS HealthCheck tool is a service that helps evaluate the cluster
health status and provides alerts to potential issues.

You can use HealthCheck to verify the cluster configuration and operation,
proactively manage risk, reduce support cycles and resolution times, and
improve uptime.

CLI command: isi healthcheck

CLI example to view the checklist items: isi healthcheck

checklists list

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

Checklists and Checklist Items

The graphic shows the checklist items for the cluster_capacity check. The
HealthCheck terms and their definition are:

• Checklist - a list of one or more items to evaluate

• Checklist item - an evaluated article such as node capacity

For the CLI equivalent output use the "isi healthcheck

checklists view cluster_capacity" command.

Checklist Item Parameters

The CLI can be used to view the parameters of a checklist item. The
example shows CLI window viewing the node capacity item parameters.

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

Running a HealthCheck

By default, a HealthCheck evaluation runs once a day at 11:00 AM. You

can run a HealthCheck using the WebUI.

The example shows selecting the Run option for the cluster_capacity
checklist. The HealthCheck table shows the status of the checklist.

CLI example of an evaluation:

isi healthcheck evaluation run cluster_capacity

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

HealthCheck Schedule

You can manage the HealthCheck schedules of the checklists. By default,

the basic checklist is scheduled.

CLI example of creating a schedule called "capacity" for the

cluster_capacity checklist:
isi healthcheck schedules create capacity "Every day
at 10 PM" cluster_capacity

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

Viewing an Evaluation

The evaluation can be viewed from the HealthChecks tab or the

Evaluations tab. For a failed evaluation, the file will show the checklist
items that failed.

CLI example for viewing a failed evaluation:

isi healthcheck evaluation view basic20200427T0400

Dell Technologies PowerScale Administration - On Demand-SSP

PowerScale HealthCheck

HealthCheck Resources

Resource: For additional information, see the Dell

Technologies PowerScale HealthCheck Info Hub and the
PowerScale OneFS isi healthcheck guide.

Challenge

Lab Assignment: Login to the cluster and create a HealthCheck schedule

and run a HealthCheck evaluation.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

Scenario

The IT manager informed the administrators that InsightIQ is

installed on the system. The admins are required to learn the
functions and how it is configured, to gain the best
understanding of the use and trends of the cluster.

InsightIQ Overview

InsightIQ focuses on PowerScale data and performance. Listed are key

benefits for using InsightIQ. Refer to the student guide for more
information.
• Determine whether a storage cluster is performing optimally.
• Compare changes in performance across multiple metrics, such as
CPU usage, network traffic, protocol operations, and client activity.
• Correlate critical storage cluster events with performance changes.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

• Determine the effect of workflows, software, and systems on storage

cluster performance over time.
• View and compare properties of the data on the file system.
• Identify users who are using the most system resources and identify
their activity.

InsightIQ is available for no charge and provides advanced analytics to

optimize applications, correlate workflow and network events. It provides
tools to monitor and analyze cluster performance and file systems. Cluster
monitoring includes performance, capacity, activity, trending, and analysis.
InsightIQ runs on separate hardware from the clusters that it monitors, and
provides a graphical output for trend observation and analysis. It does not
take cluster resources beyond the data collection process. InsightIQ
retains a configurable amount of historic information about the statistics it
collects. To prevent collection of a large backlog of data, InsightIQ retains
datasets to provide trending information over a year, but these settings are
configurable.

InsightIQ has a straightforward layout of independent components. Inside

the PowerScale cluster, the isi_stat_d generates and collects
monitoring and statistical data. The isi_api_d presents the data, which
also handles PAPI calls, over HTTP. The InsightIQ datastore can be local
to the host or external using an NFS mount from the PowerScale cluster,
or any NFS-mounted server. The datastore must have at least 70 GB of
free disk space. File System Analytics (FSA) data is kept in a database on
the cluster. InsightIQ accesses the cluster through PAPI rather than an
NFS mount.

InsightIQ is accessed through any modern web browser. If loading

InsightIQ on a Red Hat or CentOS Linux system, Dell Technologies
provides it in the form of an RPM package.

Qualifying Questions

• Where will InsightIQ datastore reside? Hosted on Isilon cluster or on

another server?

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

• Will the customer install InsightIQ on virtual or physical machine?

• Will the customer use FSA? If so, is customer aware of performance
hit? How often will it run?

InsightIQ Dashboard

The DASHBOARD provides an aggregated cluster overview and a

cluster-by-cluster overview.

You can modify the view to represent any time period where InsightIQ has
collected data. Also, breakouts and filters can be applied to the data. In
the Aggregated Cluster Overview section, you can view the status of all
monitored clusters as a whole. There is a list of all the clusters and nodes
that are monitored. Total capacity, data usage, and remaining capacity are
shown. Overall health of the clusters is displayed. There are graphical and
numeral indicators for connected clients, active clients, network
throughput, file system throughput, and average CPU usage. Depending
on the chart type, preset filters enable you to view specific data. For
example, In/Out displays data by inbound traffic compare with outbound
traffic.

You can also view data by file access protocol, individual node, disk,
network interface, and individual file or directory name. If displaying the
data by the client only, the most active clients are represented in the
displayed data. Displaying data by event can include an individual file
system event, such as read, write, or lookup. Filtering by operation class
displays data by the type of operation being performed.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

Capacity Analysis

The capacity analysis pie chart is an estimate of usable capacity based on

the existing ratio of user data to overhead277.

277There is an assumption that data usage factors remain constant over

more use. If a customer uses the cluster for many small files and then
wants to add some large files, the result is not precisely what the system
predicts.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

Default Reports

You can monitor clusters through customizable reports that display

detailed cluster data over specific periods of time.

• Performance reports
• File system reports
• Live reporting

Capacity Reporting and Forecasting

You can drill down to file system reporting to get a capacity reporting
interface that displays more detail about usage, overhead and anticipated
capacity.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

• Get usage profile

• Forecasting

The administrator can select cluster information and use that as a typical
usage profile to estimate when the cluster reaches 90% full. The
information is useful for planning node/cluster expansion ahead of time to
avoid delays around procurement and order fulfillment.

The Plot data shows the granularity of the reporting available. The
Forecast data shows the breakout of information that is shown in the
forecast chart. Depending on the frequency and amount of variation,
outliers can have a major impact on the accuracy of the forecast usage
data.

Create Performance Report

There are three types of reports On the Create a New Performance

Report page.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

• Live performance report from a template.

• Live performance report that is based on a saved performance report.
• Live performance reports that is based on one of the template reports.

Click for configuration steps278.

File System Analytics

FSA provides detailed information about files and directories on a

PowerScale cluster.

InsightIQ collects the FSA data from the cluster for display to the
administrator.

• FSA results sets location - /ifs/.ifsvar/modules/fsa.279

• Result sets routinely deleted to save storage.
• You can set the maximum number of result sets to retain.
• FSAnalyze job runs daily.280

278 In the Create a New Performance Report area, in the Performance

Report Name field, type a name for the live performance report. Select the
Live Performance Reporting checkbox. In the Select the Data You Want to
See area, specify the performance modules that you want to view in the
report. You can add a performance module or modify an existing one.
Repeat this step for each performance module that you want to include.
Save the report.
279 Unlike InsightIQ datasets, which are stored in the InsightIQ datastore,

FSA result sets are stored on the monitored cluster in the

/ifs/.ifsvar/modules/fsa directory.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

Enable FSA

Before you can view and analyze data usage and properties through
InsightIQ, you must enable the FSA feature.

Important: FSAnalyze runs by default in snapshot based

mode (OneFS 8.0 and later). The snapshots can consume
large amounts of cluster capacity.

To enable FSA, Open the Monitored Clusters page by clicking Settings >
Monitored Clusters. In the Actions column for the cluster that you want to
enable or disable FSA, click Configure. The Configuration page displays.
Click the Enable FSA tab. To enable the FSA job, select Generate FSA
reports on the monitored cluster. To enable InsightIQ for FSA report,
select View FSA reports in InsightIQ.

280 The job collects information across the cluster, such as the number of
files per location or path, the file sizes, and the directory activity tracking.

Dell Technologies PowerScale Administration - On Demand-SSP

InsightIQ

If there are long time periods between the FSAnalyze job runs, the
snapshot can grow very large, possibly consuming much of the cluster's
space. To avoid large snapshot, you can disable the use of snapshots for
FSAnalyze. Disabling snapshot use means that the jobs may take longer
to run.

Considerations

Listed are areas to consider for InsightIQ:

• InsightIQ 4.x supports all versions of OneFS from 7.0 and later.
• By default, web browsers connect to InsightIQ over HTTPS or HTTP
using port 443 for HTTPS and port 80 for HTTP.
• A revert to a snapshot or modifications of the InsightIQ datastore can
cause datastore corruption.
• The maximum number of clusters that you can simultaneously monitor
is based on the system resources available to the Linux computer or
virtual machine.
• It is recommended that you monitor no more than eight storage
clusters or 150 nodes with a single instance of InsightIQ.
• In large clusters (16+ nodes) with nodes that have limited CPU such as
the A200, the CPU usage of the FSAnalyze job can get large.

Challenge

Lab Assignment: Now go to the lab and use InsightIQ to get a

performance baseline.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

Scenario

Along with getting familiar with Healthchecks and InsightIQ, the

IT manager wants the admins to learn about what isi
commands are available for monitoring. Discuss the different
monitoring options, explain the isi statistics functions,
and describe the difference between isi statistics and
InsightIQ.

Statistics and Status Commands

The three main commands that enable you to view the cluster from the
command line are isi status, isi devices, and isi statistics.

isi statistics

The isi statistics command has approximately 1,500 combinations

of data you can display as statistical output of cluster operations. The
statistics that are collected are stored in an sqlite3 database that is under
the /ifs folder on the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

The isi statistics command provides protocol, drive, hardware, and

node statistics281.

The output shows the operations by protocol. The example shows that
NFS clients are connected to node 6 with 278.5k bytes per second input
rate.

isi devices

The isi devices command displays information about devices in the

cluster and changes their status. There are multiple actions available
including adding drives and nodes to the cluster. Use the isi devices
command for drive states, hardware condition, node management, and
drive replacement management.

281 Other services such as InsightIQ, the WebUI, and SNMP gather
information using the "isi statistics" command.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

isi status

The isi status command displays information about the current status
of the cluster, alerts, and jobs. The example of the isi status output gives a
general node status, performance metrics, critical alerts, and Job Engine
status.

The --quiet option omits the alerts and Job Engine status output.

Tip: See the CLI Reference guide for a complete list of the
command options and output definitions.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

Basic isi statistics Functions

The isi statistics command dumps all collected stats, and you can
run the "query" subcommand on a specific statistic.

Some of the functions are listed below:

• You can build a custom isi statistics query that is not in the
provided subcommands
• Cluster and node statistics from kernel counters
• isi_stats_d

• Most data collection

• Works with InsightIQ

InsightIQ vs isi statistics

The table lists differences between isi statistics and InsightIQ.

In situations where InsightIQ is unavailable or malfunctioning, isi

statistics is a powerful and flexible way of gathering cluster data.

The isi statistics command within a cron job282 gathers raw

statistics over a specified time period.

InsightIQ isi statistics

Not licensed Not licensed

282 A cron job can run on UNIX-based systems to schedule periodic jobs.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

Graphical output Produces raw

CSV output on
demand

Not easily Easily scripted

scripted

Not easily Automate with

automated cron

Use from remote Use from any

host node

Web user Produces data

interface similar to other
UNIX utilities,
such as top

Fixed interval Flexible

sampling
interval

Example: Statistics for Drive Activity

The example output shows the isi statistics drive command for
the SSD drives on node 6.

Some column definitions:

• TimeInQ: Time in queue indicates how long an operation is queued on
a drive. Key for spindlebound clusters. A time in queue value of 10 to
50 milliseconds equals Yellow zone, a time in queue value of 50 to 100
milliseconds equals Red.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

• Queued: Queue depth indicates how many operations are queued on

drives. A queue depth of 5 to 10 is considered heavy queuing.
• Busy: Disk percent busy can be helpful to determine that the drive is
100% busy, but it does not indicate how much extra work might be in
the queue.

Example: Statistics by Most Active Files and Directories

The examples shows isi statistics heat, which uses --long to

include more columns.

The head -10 option displays the first 10 most active most accessed files
and directories.

The example node 6 output shows the Timestamp in Epoch timestamp

format, Ops as protocol operations, the Event type and Class (getattr is a
namespace read), and LIN for the file or directory associated with the
event.

Practical Skills

Combining large sets of collected data with log analysis can help identify
long-term trends and sources of trouble.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

1: Sometimes it is not possible to use InsightIQ to troubleshoot as

customers may not allow new software and may have time or facilities
constraints.

2: isi Statistics can fill the gaps. Skillful use of isi statistics
can produce equivalent information to what InsightIQ offers and contains
many performance-related options.

3: The isi statistics and isi_stats_d commands can help isolate

or identify issues where InsightIQ may not have visibility. Using isi
statistics keys can show specific metrics, such as isi
statistics query current --keys node.uptime displays the
node uptime.

4: isi_cache_stats is used to examine the state of data that is in

cache.

Activity: isi statistics

The web version of this content contains an interactive activity.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

Challenge

Lab Assignment: Go to the lab and run some isi commands

including isi statistics.

Dell Technologies PowerScale Administration - On Demand-SSP

isi statistics

You Have Completed This Content

Click the Save Progress & Exit button in the course menu or below
to record this content as complete.
Go to the next learning or assessment, if applicable.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Create Export Task

Before performing this task:
• Add licenses like quota, snapshot.
• Start services like NFS, SMB that are disabled by default.

The default value to create an export task is "all" and is optional. All
components that are currently supported are http, quota, snapshot, nfs,
smb, s3, and ndmp.

1. Run the isi cluster config exports create command. The

following message appears:
The following message appears:
− Are you sure you want to export cluster
configuration? (yes/[no]):
2. Enter "yes".

A new export task like the following is created:

− Created export task 'Tjolley-ga9dy9j-
20210218065606'

DNS Primer

When discussing Domain Name System, or DNS, on a PowerScale

cluster, there are two facets to differentiate, DNS client and DNS server.

DNS is a hierarchical distributed database. The names in a DNS hierarchy

form a tree, which is called the DNS namespace. A set of protocols
specific to DNS allows for name resolution, more specifically, a Fully
Qualified Domain Name, or FQDN, to IP Address resolution.

Click the green "i" buttons to learn more.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

1: A FQDN is the DNS name of an object in the DNS hierarchy. A DNS

resolver query must resolve an FQDN to its IP address so that a
connection can be made across the network or the Internet. If a computer
cannot resolve a name or FQDN to an IP address, the computer cannot
make a connection, establish a session or exchange information. An
example of an FQDN looks like sales.isilon.xattire.com.

2: A single period (.) represents the root domain, and is the top level of the
DNS architecture.

3: Below the root domain are the top-level domains. Top-level domains
represent companies, educational facilities, nonprofits, and country codes
such as *.com, *.edu, *.org, *.us, *.uk, *.ca, and so on. A name registration
authority manages the top-level domains.

4: The secondary domain represents the unique name of the company or

entity, such as EMC, Isilon, Harvard, MIT.

5: The last record in the tree is the hosts record, which indicates an
individual computer or server.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

DNS Host Record: A or AAAA Record

The SmartConnect service IP on a PowerScale cluster must be created in

DNS as an address (A) record, also called a host entry.

What is an A record?283

For example, a server that is named centos would have an A record that
mapped the hostname centos to the IP address assigned to it:
centos.delledu.lab A 192.168.3.3 Where centos is the hostname,
delledu.lab is the domain name, and centos.delledu.lab is the FQDN.

283An A-record maps the hostname to a specific IP address to which the

user would be sent for each domain or subdomain. It is simple name-to-IP
resolution.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

The Name Server Record, or NS records, indicate which name servers

are authoritative for the zone or domain.

More about NS records.284

Tip: In an IPv6 environment, use the AAAA record in DNS,

and consult with the network administrator to ensure that
you are representing the IPv6 addresses correctly.

284Companies that want to divide their domain into sub domains use NS
records. Sub domains indicate a delegation of a portion of the domain
name to a different group of name servers. You create NS records to point
the name of this delegated sub domain to different name servers.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

DNS Delegation Best Practices

You must create an address (A) record in DNS for the SmartConnect
service IP. Delegating to an A record means that if you failover the entire
cluster, you can do so by changing one DNS A record. All other name
server delegations can be left alone. In many enterprises, it is easier to
update an A record than a name server record, because of the perceived
complexity of the process.

Delegation recommendation.285

285 The recommendation is to create one delegation for each

SmartConnect zone name or for each SmartConnect zone alias on a
cluster. This method permits failover of only a portion of the workflow—
one SmartConnect zone—without affecting any other zones. This method
is useful for scenarios such as testing disaster recovery failover and
moving workflows between data centers.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Important: PowerScale does not recommend creating a

single delegation for each cluster and then creating the
SmartConnect zones as sub records of that delegation.
More286.

SmartConnect Example - Cluster Name Resolution

Process
The graphic shows how SmartConnect uses the X-Attire DNS server to
provide a layer of intelligence within the OneFS software application.

286Using this method would enable the PowerScale administrators to

change, create, or modify the SmartConnect zones and zone names as
needed without involving a DNS team, but causes failover operations to
involve the entire cluster and affects the entire workflow, not just the
affected SmartConnect zone.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

1: An NS record that delegates the subdomain isilon.xattire.com to the

name server with a hostname of SIP (sip.xattire.com). The
isilon.xattire.com NS sip.xattire.com states that clients looking to resolve
isilon.xattire.com should query the NS sip.xattire.com.

2: The A record maps the hostname sip.xattire.com to the IP address

192.168.0.100. Clients looking for isilon.xattire.com are forwarded to
sip.xattire.com and sip.xattire.com is found at 192.168.0.100.

3: All clients are configured to make requests from the resident DNS
server using a single DNS hostname. Because all clients reference a
single hostname, isilon.xattire.com, it simplifies the management for large
numbers of clients.

4: The resident DNS server forwards the delegated zone lookup request
to the delegated zone server of authority, here the SIP address of the
cluster.

5: SmartConnect evaluates the environment and determines which node

(single IP address) the client should connect to, based on the configured
policies.

6: SmartConnect then returns this information to the DNS server, which, in

turn, returns it to the client.

7: The client then connects to the appropriate cluster node using their
protocol.

NFS Connectivity

Remote Procedure Call (RPC)

NFS relies upon remote procedure call (RPC) for client authentication and
port mapping. RPC is the NFS method that is used for communication
between a client and server over a network. RPC is on Layer 5 of the OSI
model. Because RPC deals with the authentication functions, it serves as
gatekeeper to the cluster.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

NFS connectivity

Procedure of NFS connectivity is:

• The procedure always starts with a CALL from a client.287

• A server can reject a client CALL for one of two reasons.288

287 When the server receives the CALL, it performs the service that is
requested and sends back the REPLY to the client. During a CALL and
REPLY, RPC looks for client credentials, that is, identity and permissions.
288 If the server is not running a compatible version of the RPC protocol, it

sends an RPC_MISMATCH. If the server rejects the identity of the caller,

it sends an AUTH_ERROR.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

• Portmapper provides the client RPC process with service ports.289

• RPC services cannot run unless they register with portmapper.290

When the RPC services start up on the cluster, it registers with

portmapper. The service tells portmapper what port number it is listening
on, and what RPC program numbers it is prepared to serve.

Video

NFS Connectivity video. A downloadable transcript of the video is

available from the player.

Movie:
The web version of this content contains a movie.

HDFS Topic
• Data Lakes and Analytics
• HDFS Overview Video
• OneFS with Hadoop
• OneFS vs. Hadoop
• HDFS Administration
• Best Practices Resources

289 Portmapper acts as a gatekeeper by mapping RPC ports to IP ports on

the cluster so that the right service is offered.
290 Clients calling for an RPC service need two pieces of information, the

number of the RPC program it wants to call and the IP port number.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Journal Behavior for Node Pairs

When a node boots, it first checks its own vault resources before querying
its paired node. This way if the node can recover its journal from its own
resources, there is no need to query the paired node. But, if the journal is
bad, the node can identify the journal condition from its node state block
data, and recovery should be possible. There is a consequence to the
nodes running in pairs. If a node runs unpaired, it is under-protected.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Concurrency Examples
The process of striping spreads all write operations from a client291 across
the nodes of a cluster. Each tab illustrates a file that is broken down into
chunks, after which it is striped across disks292 in the cluster along with the
FEC.

Concurrency 256 KB File

The graphic illustrates concurrency with a 256 KB file.

291 A client is connected to only one node at a time. However when that
client requests a file from the cluster, the client connected node does not
have the entire file locally on its drives. The client-connected node
retrieves and rebuilds the file using the back-end network.
292 Even though a client is connected to only one node, when that client

saves data to the cluster, the write operation occurs in multiple nodes. The
scheme is true for read operations also.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Concurrency 128 KB File

All files 128 KB or less are mirrored. For a protection strategy of N+1 the
128 KB file has 2 instances, the original data and one mirrored copy.

Concurrency 192 KB File

The example shows a file that is not evenly distributed in 128 KB chunks.
Blocks in the chunk that are not used are free for use in the next stripe
unit. Unused blocks in a chunk are not wasted.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Concurrency 1 MB with +2d:1n

The example shows +2d:1n protection of a 1 MB file. The file is divided

into eight data stripe units and four FEC units. The data is laid out in two
stripes over two drives per node to achieve the protection.

Data Lakes and Analytics

A Data Lake is a central data repository that enables organizations to
access and manipulate the data using various clients and protocols. The
flexibility keeps IT from managing and maintaining a separate storage
solution (silo) for each type of data such as SMB, NFS, Hadoop, SQL, and
others.

The inclusion of platform-as-a-service, or PaaS, makes building 3rd

platform applications simple and efficient.

Select each i buttons for information about ingest and OneFS storage.

Infographic highlighting ingesting data to a data lake and storage

protection OneFS offers.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

1: A Data Lake-based ingest captures a wider range of datatype than

were possible in the past. Data is stored in raw, unprocessed forms to
ensure that no information is lost. Massively parallel processing and in
memory technologies enable data transformation in real time as data is
analyzed. Because the Data Lake has a single, shared repository, more
tools can be made available on demand, enabling data scientists and
analysts to find insights. The Data Lake makes it simple to surface the
insights in a consistent way to executives and managers so that decisions
are made quickly.

2: Utilizing PowerScale to hold the Hadoop data gives you all of the
protection benefits of the OneFS operating systems. You can select any of
the data protection levels that OneFS offers giving you both disk and node
fault tolerance.

Resource: For more information, go to the PowerScale

technical documents and videos page.

HDFS Overview Video

The video provides an overview of a typical Hadoop topology and how
PowerScale fits into a Hadoop solution. For a video transcript, download
from the video player or see the student guide.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Movie:

The web version of this content contains a movie.

URL:
https://edutube.emc.com/Player.aspx?vno=kVTYthcIg4kBHj0ryts2HA==&a
utoplay=true

Hadoop enables the distributed process in a large data set across clusters
of servers. Hadoop clusters can dynamically scale up and down based on
the available resources and the required service levels. Let’s see a
traditional Hadoop cluster.

The components are the Name Nodes, Secondary Name Nodes and Data
Nodes. The Name Node holds the metadata or the location information for
every file in the cluster.There is also a Secondary Name Node that is a
backup for the Name Node. The secondary Name Node is passive.As the
name implies, the Data Node is where the data resides. Data is spread
across the node with a 3X mirror.A logical compute process runs on each
data node handling compute operations such as, MapReduce that runs
analytic jobs. In a traditional Hadoop only environment, the HDFS is a
read-only file system. As you can imagine, it would be difficult to do
analysis on a data set that constantly changes.Typically, Hadoop data
exists in silos. Production data is maintained on production servers and
then copied to a landing zone server which then imports or ingests the
data into HDFS. It is important to note that the data on HDFS is not
production data, it is copied from another source. Where does the
PowerScale fit into this solution?

Implementing the PowerScale allows the production data to reside on the

PowerScale cluster, so there is no need for a landing zone or exporting it
from the production environment. The MapReduce continues to run on
dedicated Hadoop compute nodes. PowerScale requires the Hadoop front
end to do the data analysis. Hadoop compute clients can connect to any
node on the cluster that functions as a Name Node instead of being routed
by a single Name Node. The Hadoop clients connect over HDFS to
access data on the PowerScale cluster. Windows, Linux, and Mac OSX
clients still access the cluster over SMB, NFS, FTP and HTTP. HDFS
connections are made up of two separate connections, a Name Node

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

connection, and a Data Node connection. For Data Node IP allocation, the
Name Node gets all the IPs in the access zone.

If the first node shows any issues, the client will use the second and then
a third IP to finish their Hadoop jobs. This provides an automated retry for
clients. Data Node load balancing and pipeline write recover fixes
issues where a Data Node runs out of threads. Features are available in
OneFS 8.0.1 and later. In closing, there are 2 top known issues with Name
Node to Data Node IP addresses allocation. First is when there are
multiple access zones for HDFS, the Name Node can give out IP
addresses from a different access zone. Second, opening multiple security
context can cause the error “status: too may files open”, all Data Nodes
are bad errors. The pipeline write recovery feature fixes the security
context issue.

Next a Name Node looks at the rack configuration and gets the IP
addresses for the rack. The Name Node also checks if any IP addresses
are blacklisted. Then the Name Node gives out rack IP addresses first
based on client IP otherwise it returns IP addresses across the entire
zone. Data Node load balancing is a PowerScale feature that allocates IP
addresses from a Name Node. The IP addresses given when metadata is
requested is from the nodes that have the lowest connection count. When
a client sends a request to write to the cluster, PowerScale’s pipeline
write recovery feature provides 3 Data Node IP addresses to the client.

CloudPools is an extension of the SmartPools tiering capabilities in the

Let us look at an example, each chassis in the cluster represents a tier of

storage. The topmost chassis is targeted for the production high-
performance workflow and may have node such as F800s. When data is
no longer in high demand, SmartPools moves the data to the second tier
of storage. The example shows the policy moves data that is not accessed
and that is over thirty days old. Data on the middle tier may be accessed
periodically. When files are no longer accessed for more than 90 days,
SmartPools archive the files to the lowest chassis or tier such as A200
nodes.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

CloudPools files undergo a compression algorithm and then are broken

OneFS with Hadoop

To recap the overview, all production data resides on PowerScale. This

removes the task of exporting it from your production applications and
importing it as with a traditional Hadoop environment. The MapReduce
continues to run on dedicated Hadoop compute nodes. PowerScale

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

requires this Hadoop front end to do the data analysis. PowerScale holds
the data so that Hadoop, applications, or clients can manipulate it.

Resource: For supported platforms, see the Hadoop

Distributions and Products Supported by OneFS web page.

OneFS vs. Hadoop

The table showcases the benefits of OneFS compared with Hadoop. For
details, select the underlined functions.

Function Hadoop OneFS

Data protection 3x mirror, no replication Snapshots, clones,

SyncIQ

Data migration293 Needs landing zone. Data on cluster

Security294 Kerberos authentication AD, LDAP, and

unsupported Kerberos

293Hadoop requires a landing zone to stage data before using tools to

ingest data to the Hadoop cluster. PowerScale enables cluster data
analysis by Hadoop. Consider the time that it takes to push 100 TB across
the WAN and wait for it to migrate before any analysis can start.
PowerScale does in place analytics so no data moves around the network.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

Deduplication 3x mirror = 33% 80% storage

efficiency efficiency

Compliance and No native encryption SEDs, ACLs,

security POSIX, access
zones, RBAC, SEC
compliant

Multi distribution 1 physical HDFS = 1 Co-mingle physical

support295 distribution of Hadoop and virtual versions.

HDFS Administration
The graphic shows the WebUI Protocols, Hadoop (HDFS), Settings
page, and the corresponding isi hdfs settings command output.

Select each i button for details.

294 Hadoop assumes that all members of the domain are trusted.
PowerScale supports integrating with AD or LDAP, and gives you the
ability to safely segment access.
295 Each physical HDFS cluster can only support one distribution of

Hadoop. PowerScale can co-mingle physical and virtual versions of any

Apache standards-based distributions.

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

1: The Default block size determines how the HDFS service returns data
upon read requests from a Hadoop compute client. The server-side block
size determines how the OneFS HDFS daemon returns data to read
requests. Leave the default block size at 128 MB. If the customer runs an
older version of HDFS, consider a 64 MB block size. If the block size is set
to high, many read/write errors and performance problems occur. Tune on
setup.

2: Default checksum type is used for old HDFS workflows. Because

OneFS uses forward error correction, checksums for every transaction are
not used, as it can cause a performance issue.

3: The HDFS Authentication type is on a per-access zone basis. The

authentication method can be Simple, Kerberos, or both.

4: The Ambari client/server framework is a third-party tool that enables

admins to configure, manage, and monitor a Hadoop cluster through a
browser-based interface.

5: Odp version - on updates, the Hortonworks version must match the

version that is seen in Ambari. Version conflict is common when a
customer upgrades Hortonworks. Can cause jobs not to run. Installation
also fails when Odp version does not match.

6: Proxy users for secure impersonation can be created on the Proxy

users tab. For example, create an Apache Oozie proxy user to securely
impersonate a user called HadoopAdmin. Enable the Oozie user to
request that the HadoopAdmin user perform Hadoop jobs. Apache Oozie

Dell Technologies PowerScale Administration - On Demand-SSP

Appendix

is an application that can automatically schedule, manage, and run

Hadoop jobs.

7: On the Virtual racks tabs, nodes can be preferred along with an

associated group of Hadoop compute clients to optimize access to HDFS
data.

Resource: An HDFS implementation is more involved than

discussed in this topic. For complete configuration details,
see the HDFS Reference Guide.

Best Practices Resources

• Visit the Using Hadoop with OneFS Info Hub web page for
documentation.
• Use the Isilon Hadoop tools to create users and groups in the local
provider.

Dell Technologies PowerScale Administration - On Demand-SSP

A200
The A200 is an ideal active archive storage solution that combines near-
primary accessibility, value, and ease of use. The A200 provides between
120 TB to 960 TB per chassis and scales to 60 PB in a single cluster.

A2000
The A2000 is an ideal solution for high-density, deep archive storage that
safeguards data efficiently for long-term retention. The A2000 stores up to
1280 TB per chassis and scales to over 80 PB in a single cluster

A300
An ideal active archive storage solution that combines high performance,
nearline accessibility, value, and ease of use. The A300 provides between
120 TB to 1.2 PB per chassis and scales to 75 PB in a single cluster. The
A300 includes inline compression and deduplication capabilities.

A3000
An ideal solution for high-performance, high-density, deep archive storage
that safeguards data efficiently for long-term retention. The A3000 stores
up to 1.6 PB per chassis and scales to 100 PB in a single cluster. The
A3000 includes inline compression and deduplication capabilities.

Cache - L1
Client-side cache. L1 cache refers to read transaction requests, or when
a client requests data from the cluster. L1 cache is stored in a segmented
area of the node RAM and as a result is fast. Related to L1 cache is the
write cache or the write coalescer that buffers write transactions from the
client. The write cache is flushed after successful write transactions. In
OneFS, the two similar caches are distinguished based on their read or
write functionality. Client-side caching includes both the in and out client
transaction buffers.

Cache - L2

Dell Technologies PowerScale Administration - On Demand-SSP

Storage side or node-side buffer. Buffers write transactions and L2 writes
to disk and prefetches anticipated blocks for read requests, sometimes
called read ahead caching. For write transactions, L2 cache works with
the journaling process to ensure protected committed writes. As L2 cache
becomes full, data in L2 cache is evicted according to a Least Recently
Used (LRU) algorithm.

Cache - L3
Stored on SSDs, L3 cache holds file data and metadata released from L2
cache, effectively increasing L2 cache capacity.

Chimer Nodes
Chimers are nodes which can contact the external NTP servers. By
default, if the cluster has more than three nodes, three of the nodes are
selected as ‘chimers’. If the cluster comprises three nodes or less, only
one node will be selected as a chimer. If no external NTP server is set,
they will use the local clock instead. The other non-chimer nodes will use
the chimer nodes as their NTP servers. The chimer nodes are selected by
the lowest node number which is not excluded from chimer duty.

Dynamic Aggregation Mode

A dynamic aggregation mode enables nodes with aggregated interfaces to
communicate with the switch so that the switch can use a comparable
mode.

F200
Provides the performance of flash storage in a cost-effective form factor to
address the needs of a wide variety of workloads. Each node can scale
raw storage capacity from 3.84 TB to 30.72 TB per node and up to 7.7 PB
of raw capacity per cluster. The F200 includes in-line compression and
deduplication. The minimum number of F200 nodes per cluster is three
while the maximum cluster size is 252 nodes. The F200 is best suited for
remote offices, small M&E workloads, small hospitals, retail outlets, IoT,
factory floor, and other similar deployment scenarios.

F600

Dell Technologies PowerScale Administration - On Demand-SSP

With NVMe drives, the F600 provides a larger capacity with performance
in a cost-effective compact form factor to power demanding workloads.
Each node allows you to scale raw storage capacity from 15.36 TB to 240
TB per node and up to 60 PB of raw storage per cluster. The F600
includes inline software data compression and deduplication. The
minimum number of F600 nodes per cluster is three while the maximum
cluster size is 252 nodes. The F600 is best suited for M&E studios,
hospitals, and financials that need performance and capacity for
demanding workloads.

F800
The F800 is suitable for workflows that require extreme performance and
efficiency. It is an all-flash array with ultra-high performance. It delivers up
to 250,000 IOPS and up to 15 GB/s aggregate throughput in a single
chassis configuration. Also, it delivers up to 15.75M IOPS and 945 GB/s of
aggregate throughput in a 252 node cluster. The raw storage capacity
scales from 96 TB to 924 TB in a single 4U chassis and up to 58 PB in a
single cluster.

F810
The F810 is suitable for workflows that require extreme performance and
efficiency. The F810 also provides high-speed inline data deduplication
and in-line data compression. It delivers up to 3:1 efficiency, depending on
your specific dataset and workload. The F810 delivers up to 250,000 IOPS
and up to 15 GB/sec aggregate throughput in a single chassis
configuration. It delivers up to 15.75M IOPS and 945 GB/s of aggregate
throughput in a 252 node cluster. The raw storage capacity scales from
230 TB to 924 TB in a 4U chassis and up to 58 PB in a single cluster.

F900

Dell Technologies PowerScale Administration - On Demand-SSP

Provides the maximum performance of all-NVMe storage in a cost-
effective configuration to address the needs of demanding workloads.
Each node is 2U in height and hosts 24 NVMe SSDs. It can scale raw
storage capacity from 46 TB to 720 TB per node and up to 186 PB of raw
capacity per cluster. The F900 includes in-line compression and
deduplication. The minimum number of F900 nodes per cluster is three
while the maximum cluster size is 252 nodes. The F900 is best suited for
Media and Entertainment 8K, genomics, algorithmic trading, artificial
intelligence, machine learning, and HPC workloads.

File Pool Policy

File pool policies enable you to filter files and directories and store them
on specific node pools or tiers according to criteria that you specify. You
can change the storage pool tier, change the optimization, and change the
protection level if the file or directory no longer requires greater protection.
You can trigger the changes at any time and on any directory or file.

File Provider
A file provider enables you to supply an authoritative third-party source of
user and group information to a cluster. A third-party source is useful in
UNIX and Linux environments that synchronize /etc/passwd,
/etc/group, and etc/netgroup files across multiple servers.

Global Namespace Acceleration (GNA)

GNA enables the use of SSDs for metadata acceleration across the entire
cluster. GNA also uses SSDs in one part of the cluster to store metadata
for nodes that have no SSDs. The result is that critical SSD resources are
maximized to improve performance across a wide range of workflows.

Groupnet

Dell Technologies PowerScale Administration - On Demand-SSP

A groupnet is a container that includes subnets, IP address pools, and
provisioning rules. Groupnets can contain one or more subnets, and every
subnet is assigned to a single groupnet. Each cluster contains a default
groupnet named groupnet0 that contains an initial subnet named subnet0,
an initial IP address pool named pool0, and an initial provisioning rule
named rule0. Groupnets reside at the top tier of the networking hierarchy
and are the configuration level for managing multiple tenants on your
external network. DNS client settings, such as nameservers and a DNS
search list, are properties of the groupnet.
Each groupnet is referenced by one or more access zones. When creating
an access zone, specify a groupnet. If a groupnet is not specified, the
access zone will reference the default groupnet. The default System
access zone is automatically associated with the default groupnet.
Authentication providers that communicate with an external server, such
as Active Directory and LDAP, must also reference a groupnet.

Groupnet
The groupnet is a top-level networking container that manages hostname
resolution against DNS nameservers and contains subnets and IP
address pools. Groupnets are how the cluster communicates with the
world. The groupnet specifies which networking properties the Active
Directory provider will use when communicating with external servers. If
the cluster communicates to another authentication domain, it must find
that domain. To find another authentication domain, you need a DNS
setting to route to that domain. With OneFS 8.0 and later releases,
groupnets can contain individual DNS settings.

H400
The H400 provides a balance of performance, capacity, and value to
support a wide range of file workloads. It delivers up to 3 GB/s bandwidth
per chassis and provides capacity options ranging from 120 TB to 960 TB
per chassis. The H400 uses a medium compute performance node with
SATA drives.

H500

Dell Technologies PowerScale Administration - On Demand-SSP

The H500 is a versatile hybrid platform that delivers up to 5 GB/s
bandwidth per chassis with a capacity ranging from 120 TB to 960 TB per
chassis. It is an ideal choice for organizations looking to consolidate and
support a broad range of file workloads on a single platform. H500 is
comparable to a top of the line X410, combining a high compute
performance node with SATA drives. The whole Gen 6 architecture is
inherently modular and flexible with respect to its specifications.

H5600
The H5600 combines massive scalability – 1.28 PB (raw) per chassis and
up to 8 GB/s bandwidth in an efficient, highly dense, deep 4U chassis. The
H5600 delivers inline data compression and deduplication. It is designed
to support a wide range of demanding, large-scale file applications and
workloads.

H600
The H600 is designed to provide high performance at value, delivers up to
120,000 IOPS and up to 12 GB/s bandwidth per chassis. It is ideal for
high-performance computing (HPC) workloads that don’t require the
extreme performance of all-flash. These are spinning media nodes with
various levels of available computing power - H600 combines our turbo
compute performance nodes with 2.5" SAS drives for high IOPS
workloads.

H700
Provides maximum performance and value to support demanding file
workloads. The H700 provides capacity up to 1.2 PB per chassis and 75
PB per cluster. The H700 includes inline compression and deduplication
capabilities.

H7000
Provides versatile, high-performance, high-capacity hybrid platform with
up to 1.6 PB per chassis and 100.8 PB per cluster. The deep-chassis
based H7000 is ideal to consolidate a range of file workloads on a single
platform. The H7000 includes inline compression and deduplication
capabilities.

Dell Technologies PowerScale Administration - On Demand-SSP

Hadoop
Hadoop is an open-source software framework that provides a scalable
and distributed platform for storing and processing large datasets. Hadoop
is designed to scale up from a single server to thousands of servers.
Hadoop clusters dynamically scale up and down based on the available
resources and the required services levels. Performance varies widely for
processing, and queries can take a few minutes to multiple days
depending on how many nodes and the amount of data requested.

Home Directory
Home directory provisioning creates a single home share that redirects
users to their SMB home directories. If one does not exist, a directory is
automatically created.

InsightIQ File System Reports

File system reports include data about the files that are stored on a
cluster. The reports have use if, for example, you want to identify the types
of data being stored and where that data is stored. Before applying a file
system report, enable InsightIQ File System Analytics for that cluster.

InsightIQ Live Reporting

InsightIQ supports live versions of reports that are available through the
InsightIQ web application. You can create live versions of both
performance and file system reports. You can modify certain attributes as
you view the reports, including the time period, breakouts, and filters.

InsightIQ Performance Reports

Performance reports have information about cluster activity and capacity.
For example, to determine whether clusters are performing as expected,
or if you want to investigate the cause of a performance issue, the reports
are useful.

isi get

Dell Technologies PowerScale Administration - On Demand-SSP

The isi get command displays the protection settings on an entire directory
path or, as shown, a specific file without any options. The POLICY or
requested protection policy, the LEVEL or actual protection, the
PERFORMANCE or data access pattern are displayed for each file. Using
with a directory path displays the properties for every file and subdirectory
under the specified directory path. Output can show files where protection
is set manually. Mirrored file protection is represented as 2x to 8x in the
output.

Job - Default Impact Policy

The default impact policy is the amount of system resources that the job
uses compared to other system maintenance jobs running simultaneously.

Job - Schedule
With the Schedule options, you can start the job manually or set to run on
a regularly scheduled basis.

LACP Aggregation Mode

LACP balances outgoing traffic across the interfaces based on hashed
protocol header information that includes the source and destination
address and the VLAN tag, if available.

Layers of Access
Protocol Layer - The first layer is the protocol layer. Protocols may be
Server Message Block, or SMB, Network File System, or NFS, File
Transfer Protocol, or FTP, or some other protocol.
Authentication Layer - The authentication layer identifies a user using a
system such as NIS, local files, or Active Directory.
Identity Assignment Layer - The third layer is identity assignment. This
layer is based on the results of the authentication layer, but there are
some cases that need identity mediation within the cluster, or where roles
are assigned within the clusters that are based on user identity.
Authorization Layer - Finally, based on the established connection and
authenticated user identity, the file and directory permissions are
evaluated. The evaluation determines whether the user is entitled to
perform the requested data activities.

Dell Technologies PowerScale Administration - On Demand-SSP

Local Provider
Local authentication is useful when Active Directory, LDAP, or NIS
directory services are not configured or when a specific user or application
needs access to the cluster. Local groups can include built-in groups and
Active Directory groups as members

MTTDL
MTTDL is a statistical calculation that estimates the likelihood of a
hardware failure resulting in data loss. MTTDL is a system view of
reliability and asks the question “What happens when hardware does fail,
and will I lose any data when it does?”

NFS
Network File System, or NFS, is an open standard that UNIX clients use.
The NFS protocol enables a client computer to access files over a
network. NFS clients mount the OneFS export that is accessible under a
client mountpoint. The mountpoint is the directory that displays files from
the server. The NFS service enables you to create as many NFS exports
as needed.

NFS Failover
NFS enables clients to transparently fail over to another node when a
network or node fails. The failover ability enables movement from one
node to another and no manual intervention on the client side. Movement
to another node enables a continuous workflow from the client side with
no appearance or disruption to their working time.

OneFS Multi-Tenancy
With OneFS, multi-tenancy enables the PowerScale cluster to
simultaneously handle more than one set of networking configurations.
Multi-Tenant Resolver, or MTDNS is a subset of multi-tenancy that
pertains to hostname resolution against DNS name servers. Each tenant
on the cluster can have its own network settings. Before OneFS 8.0, you
could only define one set of DNS servers on the cluster.

Quotas - Accounting

Dell Technologies PowerScale Administration - On Demand-SSP

Accounting quotas monitor, but do not limit, disk storage. With accounting
quotas, you can review and analyze reports to help identify storage usage
patterns. Accounting quotas assist administrators to plan for capacity
expansions and future storage requirements. Accounting quotas can track
the amount of disk space that various users or groups use.

Quotas - Advisory
Advisory quotas do not deny writes to the disk, but they can trigger alerts
and notifications after the threshold is reached.

Quotas - Enforcement
Enforcement quotas include the functionality of accounting quotas and
enable the sending of notifications and the limiting of disk storage.

Quotas - Hard Quota

Hard quotas limit disk usage to a specified amount. Writes are denied
after reaching the hard quota threshold and are only permitted when the
used capacity falls below the threshold.

Quotas - Soft Quota

Soft quotas enable an administrator to configure a grace period that starts
after the threshold is exceeded. After the grace period expires, the
boundary becomes a hard quota, and writes are denied. If the usage
drops below the threshold, writes are again permitted.

Reed-Solomon
OneFS uses the Reed-Solomon algorithm, which is an industry standard
method to create error-correcting codes, or ECC, at the file level.

Retention Period

Dell Technologies PowerScale Administration - On Demand-SSP

A retention period is the length of time that a file remains in a WORM state
before being released from a WORM state. You can configure SmartLock
directory settings that enforce default, maximum, and minimum retention
periods for the directory. If you manually commit a file, you can optionally
specify the date that the file is released from a WORM state. You can
configure a minimum and a maximum retention period for a SmartLock
directory to prevent files from being retained for too long or too short a
time period. It is recommended that you specify a minimum retention
period for all SmartLock directories. For example, assume that you have a
SmartLock directory with a minimum retention period of two days. At 1:00
PM on Monday, you commit a file to a WORM state, and specify the file to
be released from a WORM state on Tuesday at 3:00 PM. The file will be
released from a WORM state two days later on Wednesday at 1:00 PM,
because releasing the file earlier would violate the minimum retention
period. You can also configure a default retention period that is assigned
when you commit a file without specifying a date to release the file from a
WORM state.

RFC 2307 Compliant

Use Microsoft Active Directory with Windows Services for UNIX and RFC
2307 attributes to manage Linux, UNIX, and Windows systems.
Integrating UNIX and Linux systems with Active Directory centralizes
identity management and eases interoperability, reducing the need for
user-mapping rules. Make sure your domain controllers are running
Windows Server 2003 or later.

Scale-out Solution
Not all clustered NAS solutions are the same. Some vendors overlay a
management interface across multiple independent NAS boxes. An
overlay gives a unified management interface but does not unify the file
system. While this approach does ease the management overhead of
traditional NAS, it still does not scale well.

Dell Technologies PowerScale Administration - On Demand-SSP

With scale-out, a single component (node) of a system or cluster contains
the performance, compute, and capacity. As the need for capacity or
compute power increases, you add more nodes to the cluster. The node is
not equivalent to a scale-up controller as disk capacity is not added to a
node. The cluster scales out as nodes you add nodes, making it a much
more scalable solution than a scale-up implementation.

Scale-up Solution
The two controllers can run active/active or active-passive. For more
capacity, add another disk array. Each of these components is added
individually. As more systems are added, NAS sprawl becomes an issue.

Scale-up Storage
Scale-up storage is an architecture type that is common in the enterprise
space. High performance, high availability single systems that have a fixed
capacity ceiling characterize scale-up.

SmartCache
SmartCache is a globally coherent read and write caching infrastructure
that provides low latency access to content. Like other resources in the
cluster, as more nodes are added, the total cluster cache grows, enabling
OneFS to deliver predictable, scalable performance within a single
filesystem. OneFS write caching uses write buffering to aggregate, or
coalesce, multiple write operations to the NVRAM file systems journals so
that they can be written to disk safely and more efficiently. This form of
buffering reduces the disk write penalty which could require multiple reads
and writes for each write operation.

SmartDedupe
OneFS deduplication saves a single instance of data when multiple
identical instances of that data exist, in effect, reducing storage
consumption. Deduplication can be done at various levels: duplicate files,
duplicate blocks in files, or identical extents of data within files. Stored
data on the cluster is inspected, block by block, and one copy of duplicate
blocks is saved, thus reducing storage expenses by reducing storage
consumption. File records point to the shared blocks, but file metadata is
not deduplicated.

Dell Technologies PowerScale Administration - On Demand-SSP

SmartLock Compliance
Compliance is a regulatory requirement that carries certain restrictions as
to how retention must be implemented. The simple Securities and
Exchange Commission (SEC) Rule 17a-4(f) definition states that:“the
requirement in paragraph (f)(2)(ii)(A) of the rule permits use of an
electronic storage system that prevents the overwriting, erasing, or
otherwise altering of a record during its required retention period through
the use of integrated hardware and software control codes.”This rule is
often seen as the regulatory standard that must be met for data retention
by other regulatory agencies. OneFS uses a specific compliance clock for
SmartLock Compliance retention. System integrity is one of the required
elements to guarantee that the retention of the file meets the compliance
requirements. The system must be secure and protect against
modifications which could allow data to be modified or deleted. Retention
date integrity is another requirement that refers to how the retention date
is stored and accessed so that retention time requirements are met.

SmartLock WORM
SmartLock provides WORM (write-once/read-many) status on files. In a
WORM state, files can be read but not modified. "Committing" a file is
changing a file from a read/write state to a WORM state that has a
retention expiration date. Files are committed to a WORM state when
using SmartLock.

SmartPools
SmartPools is a software module that enables administrators to define and
control file management policies within a cluster.

SmartPools Advanced License

The advanced feature, disk pool spillover management, enables the
choice whether write operations are redirected to another node pool when
the target node pool is full. If SmartPools is unlicensed, spillover is
automatically enabled.

SmartPools Basic License

Dell Technologies PowerScale Administration - On Demand-SSP

A single tier has only one file pool policy that applies the same protection
level and I/O optimization settings to all files and folders in the cluster. The
basic version of SmartPools supports virtual hot spares, enabling space
reservation in a node pool for reprotection of data. OneFS implements
SmartPools basic by default.

SMB Continuous Availability (CA)

CA enables SMB clients to transparently and automatically failover to
another node if a network or node fails. CA is supported with Microsoft
Windows 8, Windows 10, and Windows 2012 R2 clients.

SMB Server-Side Copy

Clients using server-side copy can experience considerable performance
improvements for file copy operations, like CopyFileEx or "copy-paste"
when using Windows Explorer. Server-side copy only affects file copy or
partial copy operations in which the source and destination file handles
are open on the same share and does not work for cross-share
operations.

Snapshot - Copy on Write (CoW)

CoW is used for user-generated snapshots. With CoW, a new write to
HEAD results in the old blocks being copied out to the snapshot version
first. CoW is most prevalent in OneFS, and is primarily used for small
changes, inodes, and directories.

Snapshot - Redirect on Write (RoW)

RoW are system defined snapshots. RoW avoids the double write penalty
by writing changes to a snapshot protected file directly to another free
area of the file system. However, RoW has increased file fragmentation.
RoW in OneFS is used for more substantial changes such as deletes and
large sequential writes.

Snapshot Manual Create

Manual snapshots are useful to create a snapshot immediately, or at a
time that is not specified in a snapshot schedule. For example, if planning
to change the file system, but are unsure of the consequences, capture
the current file system state using a snapshot before making changes.

Dell Technologies PowerScale Administration - On Demand-SSP

Snapshot Schedule
The most common method is to use schedules to generate the snapshots.
A snapshot schedule generates snapshots of a directory according to a
schedule. A benefit of scheduled snapshots is not having to manually
create a snapshot every time wanted. An expiration period should be
assigned to the snapshots that are generated, automating the deletion of
snapshots after the expiration period.

SnapshotIQ
OneFS snapshots are used to protect data against accidental deletion and
modification. Because snapshots are available locally, users can restore
their data without administrative intervention.

Static Aggregation Mode

Static modes do not facilitate communication between nodes and the
switch.

Storage Pool Global Settings

Global settings include L3 cache enablement status, global namespace
acceleration (GNA) enablement, virtual hot spare (VHS) management,
global spillover settings, and more. You can use the "isi storagepool"
command to manage the SmartPools settings.

System Zone
The default access zone of the cluster is ”System,” and it uses an internal
authentication provider. You can configure external providers for the
System access zone.

Virtual Hot Spare (VHS)

VHS is available with the licensed and unlicensed SmartPools module. By
default, all available free space on a cluster is used to rebuild data. The
virtual hot spare option reserves free space for this purpose. VHS
provides a mechanism to assure that space is always available and to
protect data integrity when the cluster space is overused.

Dell Technologies PowerScale Administration - On Demand-SSP

Powerflex 4.X Appliance and Rack Design Student Guide: Downloadable Content
No ratings yet
Powerflex 4.X Appliance and Rack Design Student Guide: Downloadable Content
96 pages
PowerFlex+4 0+Administration-Downloadable+Content
No ratings yet
PowerFlex+4 0+Administration-Downloadable+Content
132 pages
D-PSC-MN-01 Dell PowerScale Maintenance Updated Dumps
No ratings yet
D-PSC-MN-01 Dell PowerScale Maintenance Updated Dumps
23 pages
PowerStore+Concepts+and+Features+ +Participant+Guide (PDF) +
No ratings yet
PowerStore+Concepts+and+Features+ +Participant+Guide (PDF) +
72 pages
Powerscale Services Customer Deck
No ratings yet
Powerscale Services Customer Deck
32 pages
Dell Switch Hardening Guide
No ratings yet
Dell Switch Hardening Guide
4 pages
PowerScale Admin OnDemant
No ratings yet
PowerScale Admin OnDemant
3 pages
Dell PowerScale
No ratings yet
Dell PowerScale
34 pages
PowerScale+Administration Course+Guide
No ratings yet
PowerScale+Administration Course+Guide
441 pages
h8321 WP Smartpools Storage Tiering
No ratings yet
h8321 WP Smartpools Storage Tiering
37 pages
Dell PowerScale Update 3rd Oct 2023
No ratings yet
Dell PowerScale Update 3rd Oct 2023
51 pages
Enterprise Presentation of Dell
No ratings yet
Enterprise Presentation of Dell
21 pages
PowerStore 3.0 Administration - File Provisioning - Participant Guide
No ratings yet
PowerStore 3.0 Administration - File Provisioning - Participant Guide
173 pages
PowerScale+Concepts SSP+ +Participant+Guide
100% (1)
PowerScale+Concepts SSP+ +Participant+Guide
90 pages
Dell Power Guide
100% (2)
Dell Power Guide
84 pages
Dell Powerscale - Scale Out NAS
No ratings yet
Dell Powerscale - Scale Out NAS
68 pages
h10588 Isilon Data Availability Protection WP
No ratings yet
h10588 Isilon Data Availability Protection WP
39 pages
PWRSTR CFG SMB
No ratings yet
PWRSTR CFG SMB
28 pages
Dell Emc Poweredge Rack Quick Reference Guide
No ratings yet
Dell Emc Poweredge Rack Quick Reference Guide
2 pages
h18241 Dell Powerstore Best Practices Guide
No ratings yet
h18241 Dell Powerstore Best Practices Guide
16 pages
h18241 Dell Powerstore Best Practices Guide
No ratings yet
h18241 Dell Powerstore Best Practices Guide
17 pages
PowerScale Implementation - Participant Guide PDF
No ratings yet
PowerScale Implementation - Participant Guide PDF
41 pages
h18155 Dell Emc Powerstore File Capabilities
No ratings yet
h18155 Dell Emc Powerstore File Capabilities
46 pages
Hardware Installation and Troubleshooting Guide
No ratings yet
Hardware Installation and Troubleshooting Guide
62 pages
PowerEdge Towers Quick Reference Guide
No ratings yet
PowerEdge Towers Quick Reference Guide
2 pages
00 - Vce 1CN Vxrailam PDF
No ratings yet
00 - Vce 1CN Vxrailam PDF
6 pages
Common - Powervault-Md3600f - Deployment Guide - En-Us
No ratings yet
Common - Powervault-Md3600f - Deployment Guide - En-Us
38 pages
DES-1423 Specialist Implementation Engineer Isilon Solutions Exam
No ratings yet
DES-1423 Specialist Implementation Engineer Isilon Solutions Exam
4 pages
Dell Compellent Storage Center Windows Server 2012 Best Practices
No ratings yet
Dell Compellent Storage Center Windows Server 2012 Best Practices
47 pages
PowerFlex Rack Administration - Instructor Guide
No ratings yet
PowerFlex Rack Administration - Instructor Guide
241 pages
Poweredge Rack Servers Quick Reference Guide
No ratings yet
Poweredge Rack Servers Quick Reference Guide
2 pages
Flex Appliance Administration
No ratings yet
Flex Appliance Administration
196 pages
Powervault-Md3200 - Deployment Guide - En-Us PDF
No ratings yet
Powervault-Md3200 - Deployment Guide - En-Us PDF
74 pages
Dell Emc Storage Software Products
No ratings yet
Dell Emc Storage Software Products
4 pages
10 Reasons Why PowerScale
No ratings yet
10 Reasons Why PowerScale
13 pages
Powerflex TD 2.0 LG
No ratings yet
Powerflex TD 2.0 LG
123 pages
MD Storage Management Vcenter Plugin User Guide
No ratings yet
MD Storage Management Vcenter Plugin User Guide
46 pages
SK0 005 Notes and Study Guide Nmoleo Software
No ratings yet
SK0 005 Notes and Study Guide Nmoleo Software
12 pages
Azure Stack HCI OS v2
No ratings yet
Azure Stack HCI OS v2
41 pages
h10541 Ds Dell Emc Powerscale
No ratings yet
h10541 Ds Dell Emc Powerscale
4 pages
Powervault NX Series Network Attached Storage Systems: Windows Storage Server 2016 Administrator'S Guide
No ratings yet
Powervault NX Series Network Attached Storage Systems: Windows Storage Server 2016 Administrator'S Guide
39 pages
h18241.8 Dell Powerstore Best Practices Guide
No ratings yet
h18241.8 Dell Powerstore Best Practices Guide
18 pages
h10541 Ds Dell Emc Powerscale
No ratings yet
h10541 Ds Dell Emc Powerscale
4 pages
PowerStore T1000
No ratings yet
PowerStore T1000
3 pages
h10541 Ds Dell Emc Powerscale
No ratings yet
h10541 Ds Dell Emc Powerscale
4 pages
h17463 WP Dell Emc Isilon Design and Considerations For SMB
No ratings yet
h17463 WP Dell Emc Isilon Design and Considerations For SMB
44 pages
Dell Storage Compatibility Matrix - Oct 2016
No ratings yet
Dell Storage Compatibility Matrix - Oct 2016
90 pages
h12428 WP Best Practice Guide Isilon File System Auditing
No ratings yet
h12428 WP Best Practice Guide Isilon File System Auditing
21 pages
C06 A3 07 Temas Del Practico
No ratings yet
C06 A3 07 Temas Del Practico
4 pages
Citrix-Sw Setup Guide3 En-Us
No ratings yet
Citrix-Sw Setup Guide3 En-Us
98 pages
Dell Powerstore 500 DC Spec Sheet
No ratings yet
Dell Powerstore 500 DC Spec Sheet
8 pages
Admin UK 23 14 DigiSub
No ratings yet
Admin UK 23 14 DigiSub
100 pages
Edison Dellemc Server Competitive White Paper
No ratings yet
Edison Dellemc Server Competitive White Paper
14 pages
Dell Compellent Storage Center and Microsoft SQL Server: A Dell Best Practices Guide
No ratings yet
Dell Compellent Storage Center and Microsoft SQL Server: A Dell Best Practices Guide
22 pages
Campus Design Basics
No ratings yet
Campus Design Basics
37 pages
Dell Compellent Best Practices With VMware VSphere 5.x
No ratings yet
Dell Compellent Best Practices With VMware VSphere 5.x
84 pages
Mcitp
No ratings yet
Mcitp
57 pages
Dell Powerscale: Modern, Flexible Scale-Out File Storage
No ratings yet
Dell Powerscale: Modern, Flexible Scale-Out File Storage
4 pages
Introduction to Coding in Hours With Python Level 1: A Guide to Programming for Students With No Prior Experience (Learn Coding Basics With Python)
From Everand
Introduction to Coding in Hours With Python Level 1: A Guide to Programming for Students With No Prior Experience (Learn Coding Basics With Python)
Jack C. Stanely
No ratings yet
SR-IOV Networking in Kubernetes: The Complete Guide for Developers and Engineers
From Everand
SR-IOV Networking in Kubernetes: The Complete Guide for Developers and Engineers
William Smith
No ratings yet
Gerunds and Infinitives
100% (1)
Gerunds and Infinitives
4 pages
Hello
No ratings yet
Hello
4 pages
English Grade 12 Project
No ratings yet
English Grade 12 Project
10 pages
I Wish, If Only Student Sheets
No ratings yet
I Wish, If Only Student Sheets
3 pages
G8, GB, (15) Prepositional Phrases 2
No ratings yet
G8, GB, (15) Prepositional Phrases 2
4 pages
Study Questions For Sahabiyat Quiz
No ratings yet
Study Questions For Sahabiyat Quiz
8 pages
Superlatives Worksheet
No ratings yet
Superlatives Worksheet
1 page
Email Writing
No ratings yet
Email Writing
5 pages
Instalar Pgadmin 4 Cenos - Odt
No ratings yet
Instalar Pgadmin 4 Cenos - Odt
7 pages
An Idiots Guide To AutoLISP
100% (1)
An Idiots Guide To AutoLISP
33 pages
Homework Chapter 1 Paragraph Format Capitalization
No ratings yet
Homework Chapter 1 Paragraph Format Capitalization
7 pages
Gi Unit10 Print and Work
No ratings yet
Gi Unit10 Print and Work
6 pages
Mathematical Economics: Homework: Alan G. Isaac August 29, 2020
No ratings yet
Mathematical Economics: Homework: Alan G. Isaac August 29, 2020
12 pages
Vocabulary Journal: Language of Development Studies
No ratings yet
Vocabulary Journal: Language of Development Studies
4 pages
Arduino Based Bluetooth Controlled Robot Report 1
No ratings yet
Arduino Based Bluetooth Controlled Robot Report 1
27 pages
UHF Setting Software Manualv2.7
No ratings yet
UHF Setting Software Manualv2.7
8 pages
Assignment - 2 - Mga Gunita NG Himagsikan PDF
No ratings yet
Assignment - 2 - Mga Gunita NG Himagsikan PDF
2 pages
NLC23 - Grade 8 Enhancement Mathematics Notes To Teachers - Final
No ratings yet
NLC23 - Grade 8 Enhancement Mathematics Notes To Teachers - Final
50 pages
Towards Dynamic Execution Semantics in Semantic Web Services
No ratings yet
Towards Dynamic Execution Semantics in Semantic Web Services
9 pages
n6 Music Business Assessment 1 (2025)
No ratings yet
n6 Music Business Assessment 1 (2025)
3 pages
SI Prefixes Table
No ratings yet
SI Prefixes Table
5 pages
SummerSchool English Language Test
No ratings yet
SummerSchool English Language Test
7 pages
LPC Assignment
No ratings yet
LPC Assignment
22 pages
Tone
No ratings yet
Tone
4 pages
Automatic Sending of ALV Output by Email - SAP Community
No ratings yet
Automatic Sending of ALV Output by Email - SAP Community
9 pages
Practice Question Paper (2023-24) Class: X Subject: English Time: 3 Hours M.M.: 80 General Instructions
No ratings yet
Practice Question Paper (2023-24) Class: X Subject: English Time: 3 Hours M.M.: 80 General Instructions
24 pages
8-Supplementary Texts Appendix - Index - Glossary - References - Bibliography - Notes-30!09!2024
No ratings yet
8-Supplementary Texts Appendix - Index - Glossary - References - Bibliography - Notes-30!09!2024
16 pages
Listening Skills: Tips For Being A Good Listener
No ratings yet
Listening Skills: Tips For Being A Good Listener
11 pages
Read The Text Carefully Then Do The Activities.: Part One. Reading (15 PTS)
No ratings yet
Read The Text Carefully Then Do The Activities.: Part One. Reading (15 PTS)
5 pages
Miriam'S Dance: Radical Egalitarianism in Hasidic Thought1
No ratings yet
Miriam'S Dance: Radical Egalitarianism in Hasidic Thought1
21 pages

Dell Technologies PowerScale Administration

Uploaded by

Dell Technologies PowerScale Administration

Uploaded by

DELL TECHNOLOGIES

© Copyright 2024 Dell Inc Page 2

NAS, PowerScale, and OneFS 19

NAS, PowerScale, and OneFS 20

Network Attached Storage 21

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 3

PowerScale Management Interfaces 57

Common Cluster Operations 68

OneFS Directory Structure 81

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 4

Access Zones 104

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 5

SmartConnect Foundations 124

IP Address Pools 137

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 6

Identity Management Administration 151

Identity Management Administration 152

Role-Based Access Control 153

User Identity Mapping 165

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 7

Client Access Administration 193

Client Access Administration 194

OneFS Caching 195

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 8

SMB Shares 208

NFS Exports 221

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 9

Data Protection Administration 239

Data Protection Administration 240

File Striping 241

Data Protection 250

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 10

Protection Management 270

Data Layout 286

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 11

Storage Pools Administration 292

Storage Pools Administration 293

Storage Pools 294

File Pools 307

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 12

Data Services Administration 347

Data Services Administration 348

File Filtering 349

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 13

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 14

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 15

Monitoring Administration 439

Monitoring Administration 440

PowerScale HealthCheck 441

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 16

isi statistics 457

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 17

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 18

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 19

NAS, PowerScale, and OneFS

Dell Technologies PowerScale Administration - On Demand-SSP

© Copyright 2024 Dell Inc Page 20

Network Attached Storage

Network Attached Storage