Does Isilon have File Filtering function

Unfortunately the Isilon does not yet have any built in capability to filter or prevent files from being stored on the file system based on file name or any other criteria.

Let's think about this problem a different way.  The goal is twofold: a) prevent users from storing particular file content, and b) corporately, control user behavior to deter storage of files considered either non-essential or (in certain cases) dangerous/counterproductive.

To merely control persistent store, I have seen admins set up a file pool based on content type (e.g. *.mkv) and land those files in a pool, with a known underlying directory.  Then, periodically, a script deletes all files in that directory.  The periodicity varies but I have seen anywhere from once a day to once every minute.  The cute name for this technique is the "/dev/null" smartpool.

However, the better way to think about this is corporate user behavior and employee policy.  If it is the policy of the company to ban .mkv, for example, then use SMB Audit (CEE) to record the ingestion of such files.  Then, the employee's manager, armed with the audit data, can take managerial action knowing that his/her employee violated policy.  This is far more effective deterrence than merely file filtering.

After all, the goal is not necessarily to 'save space' but enforce company policy.  Nothing like one's manager having a chat with the employee...and that incident going on the employee's HR record.

We have to stop playing this game of "does your kit have feature X".  Features are nice, features are cool, but there are, quite often, far better outcomes available by using strategic thinking.

Other point of view. A missing feature is a missing feature. Let's customer decide if they want to use the file blocking feature, or they want to control the storage usage based on audits and the corporate policy.

With great respect to you, file blocking is not a 'feature'.  After seeing (and working for) companies over four decades develop such things, in my opinion It's a band-aid, a problem waiting to happen, in terms of compliance.  Compliance, after all, is the end goal.  Ask your CIO.

As a user, I can easily defeat any file blocking 'feature' by merely renaming the file, or even if actual on-the-fly content examination software is used - very rare these days, hardly any company outside of national intelligence agencies uses this - I can easily encrypt or compress the file to change its internal format.

But audit cannot be beaten, because the user has no control over it.  If they store a file, an audit trace happens.  Once set, audits happen and auditors know what employees are storing files, an evidentiary trace.

So while you are certainly allowed to believe file blocking is a 'feature', it is not in reality.  It is just another array-based technique with good intentions that can be easily beaten by even a novice user.

Again, if all you are trying to accomplish is to prevent space from being consumed by files with certain extensions, then use the filepool technique as stated previously.  It works well.  A 'feature'.

Best regards

Rob

Rob,

I agree with you that you can't implement every little thing we the non-CIOs here can think of as a feature in the OneFS.

The auditing that you're talking about is expensive third party product not everybody can afford. NFS auditing is not there.

When we have petabyte scale file system, the traditional tools we have don't work very well. For example, I have not found any way to execute fast search for files with specific attributes (or ACLs). Find only runs one one node. There is Query in Namespace API, that is very comprehensive, but you can't query for file ACLs, and as find, it's not parallel and is as slow.

I would mention Isilon's Anti-virus (AVScan) feature, which uses the ICAP protocol (RFC 3507) and would seem up to the task. The specific filtering rules would have to be setup in the ICAP server.

Thanks Krisztián, I am seeking the way that ISILON replace the current NAS appliance. NAS Appliance running here by EMC has this file blocking function. we use this feature quite often.  As the NAS is close to life cycle end, we consider to replace it by ISILON. If it has the file blocking, we don't  hesitate to purchase it.

Hi Bob,  Here is my situation,

1. Auditing control and communication with departments manager to deal with  cost too much time and energy for my storage administrator. That putting personal mp3 file and video to the Share file system did happen a lot and storage administrator took a large cycle to report and waited for other department manger's response. It really is time and energy -consuming. administrator took too much time to message the user and erase the file.

2. Storage administrator want they take control storage.  For all what storage administrator can do is to control the storage space. They can not change policy and dont have too much time to handle the commutation with user in various location. If the appliance with function that banned to  unpermitted file.  they are please to do that in their duty range. this function really solve the chaos with communication with other department manger and auditor.

3. Having the File Blocking feature is the reason why they choose EMC appliance.  They previously choose HP and then NetAPP and finally with EMC. They are quite happy with EMC appliance only because its has the file blocking function in NS20.

4. We have Alternative way to meet storage administrator's needs. However, Isilon has many features we are too excite about.  To have File blocking feature, we just easily upgrade to VNX 5400 with VNX gateway, It  inherits the NAS functions.   But, ISILON allures us with new features.  it's scale-out, auto-balancing and ease to maintenance.That's why we are curious about whether it can replace the traditional NAS we currently used.

5. Admittedly, Blocking the file only by its format is too basic.  user can escape the block just change the file's type name. I hereby aslo ask about which advanced way to do this file filtering. 

Hi hua_li,

Thank you for your response, you are most kind.  Your situation, as described, is exactly why we at Isilon wrote the file audit feature in 7.1.  If your management has determined that storage of certain files is against policy, and your management wants reports, we have that capability built-in.  Many EMC users have Varonis for this exact reason, to perform corporate-wide audit and control.

None of this burden should be placed on the storage administrator.  Using Isilon, the administrator configures communication to an audit server.  After that, the audit server handles all the reporting and auditing.  Your storage administrator tasks are complete.  Through this, your management can see exactly what user is storing illegal files and how much space they consume by doing so.  This is the goal of audit.  I would be happy to speak with your CIO on this topic.

Having said that, again, if your storage administrator desires to merely prevent storage of certain file types, they can do that very thing on Isilon, as I described.

Finally, I would urge you and your management team to take a more strategic look at how your company procures NAS.  It is not optimal to focus on one and only one 'feature' while ignoring all the strategic benefits of Isilon, as you well said.  There may be one 'feature' which a product lacks - not just Isilon but any product - but to focus on that as an absolute disqualifer while ignoring the myriad of other beneficial 'features' you lose by not selecting Isilon is sub-optimal, in my opinion.  It also merely perpetuates the status quo instead of using innovative technology such that your own business competitors, who are at status quo, are put at a disadvantage.

I have heard some corporate CIOs call this (disqualification based on one and only one 'feature')  the 'penny wise, pound foolish' approach.  I cannot argue with that observation.

Best of luck with whatever decision you make,

Rob

Yes, OneFS 8.0 now introduces new file filtering capabilities. Refer Isilon Admin guide.