OneFS 7.0 and later: SmartLock compliance mode
Summary: This article describes some important points about using SmartLock compliance mode. For a complete set of use cases, instructions, and best practices for SmartLock compliance mode and SmartLock enterprise mode, see the OneFS Administration or Installation Guides. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Introduction
In OneFS 7.0 and later, there are two SmartLock operation modes available to the cluster, SmartLock compliance mode and SmartLock enterprise mode. SmartLock enterprise mode is the default SmartLock operation mode.
- SmartLock Compliance Mode enables you to protect your data in compliance with the regulations defined by U.S. Securities and Exchange Commission (SEC) rule 17a-4.
- SmartLock Enterprise Mode enables you to create Write-Once Read-Many (WORM) directories on the cluster. This WORM implementation does not meet the requirements of SEC rule 17a-4. SmartLock enterprise mode is used to protect files from accidental modification or deletion, but are not required by law to do so. This implementation is the same implementation that was available in versions of OneFS prior to 7.0.
Cause
Details
- The SmartLock operation mode (either compliance mode or enterprise mode) must be set during the initial cluster configuration process. If you do not set a cluster to compliance mode, the cluster is automatically set to SmartLock enterprise mode. See Tips for configuring the SmartLock compliance mode below.
- Once you set a cluster to compliance mode, you cannot change it to enterprise mode.
- All clusters that are upgraded from a OneFS version earlier than 7.0 are automatically set to enterprise mode and cannot be changed to compliance mode.
- In order to set the cluster to SmartLock compliance mode, you need a SmartLock license which must be applied during initial cluster setup.
- Once a cluster is set to SmartLock compliance mode, you cannot log in to that cluster through the root user account. Instead, you log in to the cluster through the compliance administrator account that you configure during initial cluster configuration. If logged in through the compliance administrator account, you can perform administrative tasks through the sudo program. Many of the commands that require root privileges are still available to the compliance administrator but must be prefaced with sudo. To see the list of commands available to the compliance administrator, open an SSH connection and run the following command from the command prompt:
more /usr/local/etc/sudoers
Commands specific to the Isilon cluster are contained within ## BEGIN ISILON and ##END ISILON tags. For example:
## BEGIN ISILON # Add admin to sudoers list for SmartLock Compliance. User_Alias ADMINS = compadmin ## END ISILON
- If you unconfigure a SmartLock license from a cluster that is running in SmartLock compliance mode, root access to the cluster is not restored.
- Once in SmartLock compliance mode, you can create SmartLock compliance directories with specific WORM retention periods. A file can be committed to a WORM state either manually or automatically by the system. A file that has been committed to a WORM state in a compliance directory cannot be modified or deleted before the specified retention period has expired. You cannot delete committed files, even if you are logged in to the compliance administrator account. The privileged delete feature is not available in SmartLock compliance mode.
Resolution
Tips for configuring SmartLock compliance mode
There are a few extra steps that you must perform when configuring clusters and nodes for SmartLock compliance mode. (For more information, see the appropriate node Installation and Setup Guide.)
Create a new cluster in SmartLock compliance mode.
- When the configuration Wizard appears, press 4 to reboot into SmartLock Compliance mode, as shown in this example:
Select an option:[ 1] Create a new cluster[ 2] Join an existing cluster[ 3] Exit wizard and configure manually[ 4] Reboot into SmartLock Compliance modeWizard >>> 4** WARNING ***Root access to this node will be disabled! Are you sure you want to make this node a SmartLock Compliance node? (yes/no): [no] >>> yes - Type Yes To confirm root access will be disabled. The node restarts and returns to the same set of steps.
- Press 1 to create a new cluster.
- Follow the prompts to configure the cluster. When prompted, enter your license key for the SmartLock license.
Add a node to an existing SmartLock compliance cluster.
- When the configuration Wizard first appears, press 4 to reboot into SmartLock Compliance mode (see example above).
- Type Yes to confirm root access will be disabled (see example above). The node restarts and returns to the same set of steps.
- Press 2 to join an existing cluster.
- Follow the prompts to configure the node.
Affected Products
PowerScale OneFSProducts
Isilon, PowerScale OneFSArticle Properties
Article Number: 000016960
Article Type: Solution
Last Modified: 09 Jun 2025
Version: 6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.