- Notes, cautions, and warnings
- Introduction to this guide
- PowerScale scale-out NAS
- APEX File Storage for AWS
- APEX File Storage for AWS introduction
- APEX File Storage for AWS infrastructure overview
- APEX File Storage for AWS deployment
- What are you deploying?
- EC2 instance types configuration options
- EBS disk volume type configuration options
- APEX File Storage for AWS account ID and region
- APEX File Storage for AWS subscription and permissions
- Activate APEX File Storage for AWS product license
- Validate the Amazon Machine Image (AMI) signature
- Download and install the AWS Command Line Interface (AWS CLI)
- Post APEX File Storage for AWS deployment tasks
- APEX File Storage for Azure
- General cluster administration
- General cluster administration overview
- User interfaces
- Connecting to the cluster
- Licensing
- Certificates
- Viewing and Editing TLS Authority Certificates
- Importing TLS Authority Certificates
- Replacing TLS Authority Certificates - Overview
- Deleting TLS Authority Certificates
- Viewing and Editing TLS Server Certificates
- Importing TLS Server Certificates
- Configuring TLS Certificate Settings
- TLS certificate data example
- Cluster identity
- Cluster date and time
- SMTP email settings
- Configuring the cluster join mode
- File system settings
- Security hardening
- Cluster monitoring
- Monitoring cluster hardware
- Events and alerts
- Healthcheck Evaluations
- Cluster maintenance
- SupportAssist
- Secure Remote Services (SRS) Summary
- Access zones
- Authentication
- Authentication overview
- Authentication provider features
- Security Identifier (SID) history overview
- Supported authentication providers
- Active Directory
- LDAP
- NIS
- Kerberos authentication
- File provider
- Local provider
- Multifactor authentication (MFA)
- Single sign-on overview
- Multi-instance active directory
- LDAP public keys
- Managing Active Directory providers
- Managing LDAP providers
- Managing NIS providers
- Managing MIT Kerberos authentication
- Managing file providers
- Managing local users and groups
- View a list of users or groups by provider
- Create a local user
- Create a local group
- Naming rules for local users and groups
- Modify a local user
- Modify a local group
- Delete a local user
- Delete a local group
- Configure a login delay
- Set a concurrent session limit
- Set a new user account to disable when inactive
- Set an existing user account to disable when inactive
- Configure minimum password requirements
- Configure the password hash type
- Set password expiration
- Set minimum new password changes
- Set lock users criteria
- Reset a user password
- Managing SSO
- Administrative roles and privileges
- Identity management
- Home directories
- Home directories overview
- Home directory permissions
- Authenticating SMB users
- Home directory creation through SMB
- Home directory creation through SSH and FTP
- Home directory creation in a mixed environment
- Interactions between ACLs and mode bits
- Default home directory settings in authentication providers
- Supported expansion variables
- Domain variables in home directory provisioning
- Data access control
- File sharing
- File sharing overview
- SMB security
- SMB shares in access zones
- SMB Multichannel
- SMB share management through MMC
- SMBv3 encryption
- SMB server-side copy
- SMB continuous availability
- SMB file filtering
- Symbolic links and SMB clients
- Anonymous access to SMB shares
- Managing SMB settings
- Managing SMB shares
- Create an SMB share
- Modify SMB share permissions, performance, or security
- Delete an SMB share
- Limit access to /ifs share for the Everyone account
- Configure anonymous access to a single SMB share
- Configure anonymous access to all SMB shares in an access zone
- Add a user or group to an SMB share
- Configure multi-protocol home directory access
- NFS security
- FTP
- HTTP and HTTPS security
- File filtering
- Auditing
- Auditing overview
- Syslog
- Syslog forwarding and TLS
- OpenBSM service
- Protocol audit events
- Audit log purging
- Managing audit settings
- Enable configuration change auditing
- Forward configuration changes to syslog
- Enable protocol access auditing
- Forward protocol access events to syslog
- Configure protocol audited zones
- Configure protocol event filters
- Enable system auditing and forwarding
- Import certificate for TLS syslog forwarding
- Set the audit hostname
- View audit settings
- Automatic deletion
- Manual deletion
- Integrating with the Common Event Enabler
- Tracking the delivery of protocol audit events
- Snapshots
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Best practices for creating snapshots
- Best practices for creating snapshot schedules
- File clones
- Snapshot locks
- Snapshot reserve
- Writable snapshots
- SnapshotIQ license functionality
- Creating snapshots with SnapshotIQ
- Managing snapshots
- Restoring snapshot data
- Managing snapshot schedules
- Managing snapshot aliases
- Managing with snapshot locks
- Configure SnapshotIQ settings
- Set the snapshot reserve
- Managing changelists
- Deduplication with SmartDedupe
- Data replication with SyncIQ
- SyncIQ data replication overview
- Replication policies and jobs
- Replication snapshots
- Data failover and failback with SyncIQ
- Recovery times and objectives for SyncIQ
- Replication policy priority
- SyncIQ license functionality
- Replication for nodes with multiple interfaces
- Restrict SyncIQ source nodes
- Creating replication policies
- Managing replication to remote clusters
- Initiating data failover and failback with SyncIQ
- Performing disaster recovery for older SmartLock directories
- Managing replication policies
- Managing replication to the local cluster
- Managing replication performance rules
- Managing replication reports
- Managing failed replication jobs
- Data Encryption with SyncIQ
- Data Transfer with Datamover (SmartSync)
- Data layout with FlexProtect
- Large file size support
- NDMP backup and recovery
- NDMP backup and recovery overview
- NDMP two-way backup
- NDMP three-way backup
- Support for NDMP sessions on Generation 6 hardware
- Setting preferred IPs for NDMP three-way operations
- NDMP multi-stream backup and recovery
- Snapshot-based incremental backups
- NDMP backup and restore of SmartLink files
- NDMP protocol support
- Supported DMAs
- NDMP hardware support
- NDMP backup limitations
- NDMP performance recommendations
- Excluding files and directories from NDMP backups
- Configuring basic NDMP backup settings
- Managing NDMP user accounts
- NDMP environment variables overview
- Managing NDMP contexts
- Managing NDMP sessions
- Managing NDMP Fibre Channel ports
- Managing NDMP preferred IP settings
- Managing NDMP backup devices
- NDMP dumpdates file overview
- NDMP restore operations
- Sharing tape drives between clusters
- Managing snapshot based incremental backups
- Managing cluster performance for NDMP sessions
- Managing CPU usage for NDMP sessions
- File retention with SmartLock
- SmartLock overview
- Compliance mode
- Enterprise mode
- SmartLock directories
- Replication and backup with SmartLock
- SmartLock license functionality
- SmartLock considerations
- Set the compliance clock
- View the compliance clock
- Creating a SmartLock directory
- Managing SmartLock directories
- Managing files in SmartLock directories
- Set a retention period through a UNIX command line
- Set a retention period through Windows Powershell
- Commit a file to a WORM state through a UNIX command line
- Commit a file to a WORM state through Windows Explorer
- Override the retention period for all files in a SmartLock directory
- Delete a file committed to a WORM state
- View WORM status of a file
- Protection domains
- Data-at-rest-encryption
- Data-at-rest encryption overview
- Self-encrypting drives
- Data security on self-encrypting drives
- Data migrations and upgrades to a cluster with self-encrypting drives
- Enabling external key management
- Migrate nodes and SEDs to external key management
- Chassis and drive states
- Smartfailed drive REPLACE state
- Smartfailed drive ERASE state
- S3 Support
- SmartQuotas
- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
- Managing quotas
- Managing quota notifications
- Email quota notification messages
- Managing quota reports
- Basic quota settings
- Advisory limit quota notification rules settings
- Soft limit quota notification rules settings
- Hard limit quota notification rules settings
- Limit notification settings
- Quota report settings
- Storage Pools
- Storage pools overview
- Storage pool functions
- Autoprovisioning
- Node pools
- Virtual hot spare
- Spillover
- Suggested protection
- Protection policies
- SSD strategies
- Other SSD mirror settings
- Global namespace acceleration
- L3 cache overview
- Tiers
- File pool policies
- Managing node pools in the web administration interface
- Managing L3 cache from the web administration interface
- Managing tiers
- Creating file pool policies
- Managing file pool policies
- Configure default file pool protection settings
- Default file pool requested protection settings
- Configure default I/O optimization settings
- Default file pool I/O optimization settings
- Modify a file pool policy
- Prioritize a file pool policy
- Create a file pool policy from a template
- Delete a file pool policy
- Monitoring storage pools
- Pool-based tree reporting in FSAnalyze (FSA)
- System jobs
- Networking
- Networking overview
- About the internal network
- About the external network
- Configuring the internal network
- Managing IPv6
- Managing groupnets
- Managing external network subnets
- Managing IP address pools
- Managing SmartConnect Settings
- Managing network interface members
- Managing node provisioning rules
- Managing routing options
- Managing DNS cache settings
- Managing host-based firewalls
- Modify the OneFS firewall service
- Create a firewall policy
- View a firewall policy
- Create a firewall rule
- View a firewall rule
- Modify a firewall rule
- Delete a firewall rule
- Clone a firewall policy
- Delete a firewall policy
- Associate a network subnet or pool to a firewall policy
- Reset the global default firewall policies
- Managing TCP ports
- NFSoRDMA
- Smart QoS
- Antivirus
- Antivirus overview
- On-access scanning
- ICAP Antivirus policy scanning
- Individual file scanning using ICAP
- WORM files and antivirus
- Antivirus scan reports
- ICAP servers
- CAVA servers
- ICAP threat responses
- CAVA threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Managing CAVA servers
- Add and connect to a CAVA server
- List or view CAVA servers
- Modify CAVA connection settings
- Disable connection to a CAVA server
- Delete connection to a CAVA server
- Add a job to a CAVA server
- View an IP pool in a CAVA server
- Create an Active Directory authentication provider for the AvVendor access zone
- Update the role in the access zone
- Scan CloudPool files in a CAVA server
- Create an antivirus policy
- Managing ICAP antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports
- File System Explorer
PowerScale OneFS 9.8.0.0 Web Administration Guide
Dell PowerScale Datamover (SmartSync) overview
Dell PowerScale OneFS Datamover (also called SmartSync) enables you to transfer data between PowerScale clusters and S3 object stores (ECS, AWS) using the Datamover transfer engine that is embedded in OneFS. Datamover ensures that you have a consistent copy of your data on another PowerScale cluster or cloud platform. Datamover allows you to control the frequency of data transfers at scheduled times using policies. Similar to the SyncIQ module, you can transfer data at the directory level, while optionally excluding specific files and subdirectories from being transferred.
The embedded Datamover feature provides data replication for file and object deployments on-premises or in the cloud. Datamover enables file-to-file transfers between PowerScale clusters using RPC and file-to-object copy transfers to S3 (ECS, AWS) and Azure cloud systems.
This section provides an overview of the Datamover transfer engine. You can configure and administer Datamover using OneFS CLI commands. See the PowerScale OneFS CLI Administration Guide for details.
Datamover provides the following primary functions:
- Data protection
- Data repurposing (copy)
- Data archive
Datamover provides a flexible execution model of push or pull data transfers between systems. While SyncIQ allows administrators to push data from a source to a target cluster, Datamover also allows for a target cluster to pull data from a source cluster, resulting in reduced throughput and CPU impacts on the source cluster.
- Faster data transfers than SyncIQ
- Snapshot locking
- Separation between Datamover datasets and user snapshots prevents accidental deletion of snapshots during transfers
- Scalable run-time engine
- Dataset "reconnect" allows systems with identical datasets to reconnect for instant incremental backups during failover scenarios
- Namespace contention avoidance
- Batch operations for efficient small file transfers
- Bulk operations to address file ID-mapping contention
- Improved bench marking
- Smart scheduling
- CPU and bandwidth throttling
- Centralized management of policies and jobs
- Replication between multiple sets of clusters
- NANO(A)N: Not-All-Nodes-On-(All)-Networks detection. Active accounts are monitored on-the-fly by each node.
- Nodes with no accessibility to an account do not participate in a transfer
- Improved error handling and graceful crash recovery to ensure checkpointing stability
- Data recovery
- You can restore from a dataset that you replicated to another cluster. For example, you can copy a dataset from an archive tier to a production tier as a one-time copy. That copy is read/write on arrival.
- You can perform a one-time copy at any time to your archive tier or between any two clusters. A one-time copy provides the option to not make Datamover datasets, which means you can start using them read/write immediately.
File-to-file high-performance data transfers
- Streamlined baseline and incremental file transfers
- Namespace contention avoidance. Namespace creation is separated from data transfers
- Batch transfers of small files, attributes, and data blocks
- Asynchronous I/O backed by lightweight threads (fibers) allows for maximized parallel transfers
File-to-object content distribution "copy" format limitations
The following table lists current limitations in file-to-object transfers.
| Limitation | Description |
|---|---|
| ADS files | Skipped when encountered |
| Hardlinks | Not supported. An object is created for each link (hard links are not preserved) |
| Symlinks | Skipped when encountered |
| Special files | Skipped when encountered |
| Metadata | Only the following POSIX attributes are copied: mode, UID, GID, atime, mtime, ctime |
| File name encoding | Encodings are converted to UTF-8 |
| Large files | Errors are returned for files greater than the cloud provider's maximum object size |
| Sparse files | Sparse sections are not preserved; they are written out fully as zeros |
| CloudPools | Not supported |
| Compression in transit | Not supported |
| Copy back from the cloud | Not supported if the data was not created by Data Mover |
| Incremental transfers | Not supported for file-to-object transfers. Only one-time copy to cloud oir copy back from cloud is supported |
Licensing and credential requirements
- Datamover must be hosted on all PowerScale clusters where transfers are planned.
- For OneFS copy to cloud and copy back from cloud transfers, Datamover is installed on OneFS but not on the cloud systems.
- Datamover waits for the administrator to commit the OneFS upgrade to OneFS 9.4.0.0.
- You must have a current SyncIQ (ISI_LICENSING_SYNCIQ_v_2_0) license activated on PowerScale clusters before you can run Datamover between them.
-
- Datamover is enabled when a SyncIQ license is activated and the certificates in the following table are configured.
- If a SyncIQ license expires after configuring policies, the jobs will continue to run. Datamover Rest APIs will serve the GET and DELETE calls; PUT and POST calls will not be allowed.
- A shared CA is the simplest configuration, however it is not a requirement to communicate with peer Datamover engines. Two systems trust each other if they have the CAs that signed each other's identity certificates.
- Users must have the ISI_PRIV_DATAMOVER administrative (AIMA) privilege to configure the Datamover using the Rest APIs.
- Inbound TCP port 7722 must be opened in firewalls.
Certificate requirements
The following Certificate Authorities (CA) and trust hierarchies are required.
| Requirement | Description |
|---|---|
| TLS certificates |
|
| Certificate Authorities (CA) |
|
| Identity certificates |
|
| Trust hierarchies |
|
Reference documentation
The OneFS CLI Administration Guide provides details for configuring and administering Datamover. The Datamover feature includes a full set of isi dm command line interface (CLI) commands and APIs in the PowerScale OneFS 9.4.0.0 CLI Command Reference and PowerScale OneFS 9.4.0.0 API Reference Guides.
You can find these guides under the Documentation tab on the PowerScale OneFS Support site.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\