Skip to main content

Welcome

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Welcome to Dell

My Account

Place orders quickly and easily
View orders and track your shipping status
Enjoy members-only rewards and discounts
Create and access a list of your products
Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In

Your Dell.com Carts

Products
Solutions
Services
Contact Us

Support
Product Support
Manuals

PowerScale OneFS 9.8.0.0 Web Administration Guide

Notes, cautions, and warnings
Introduction to this guide
- About this guide
- PowerScale NAS overview
- Where to get help
  - Additional options for getting help
PowerScale scale-out NAS
- OneFS storage architecture
- Node components
- Internal and external networks
- PowerScale cluster
- The OneFS operating system
  - Mixed data-access protocol environments
  - Identity management and access control
- Structure of the file system
- Data protection overview
- Data compression
- Software modules
APEX File Storage for AWS
- APEX File Storage for AWS introduction
- APEX File Storage for AWS infrastructure overview
- APEX File Storage for AWS deployment
- Post APEX File Storage for AWS deployment tasks
APEX File Storage for Azure
- APEX File Storage for Azure introduction
- APEX File Storage for Azure architecture overview
- APEX File Storage for Azure features
- APEX File Storage for Azure supported configuration parameters
- APEX File Storage for Azure configuration options
General cluster administration
- General cluster administration overview
- User interfaces
- Connecting to the cluster
  - Log in to the web administration interface
  - Open an SSH connection to a cluster
- Licensing
- Certificates
- Cluster identity
  - Set the cluster name and contact information
- Cluster date and time
  - Set the cluster date and time
  - Specify an NTP time server
- SMTP email settings
  - Configure SMTP email settings
- Configuring the cluster join mode
  - Specify the cluster join mode
- File system settings
  - Enable or disable access time tracking
  - Specify the cluster character encoding
- Security hardening
- Cluster monitoring
  - Monitor the cluster
  - View node status
- Monitoring cluster hardware
- Events and alerts
- Healthcheck Evaluations
- Cluster maintenance
- SupportAssist
- Secure Remote Services (SRS) Summary
Access zones
- Data Security overview
- Base directory guidelines
- Access zones best practices
- Access zones on a SyncIQ secondary cluster
- Access zone limits
- Quality of service
- Zone-based Role-based Access Control (zRBAC)
  - Integrated roles in non-System zones
- Zone-specific authentication providers
- Managing access zones
Authentication
- Authentication overview
- Authentication provider features
- Security Identifier (SID) history overview
- Supported authentication providers
- Active Directory
- LDAP
- NIS
- Kerberos authentication
  - Keytabs and SPNs overview
  - MIT Kerberos protocol support
- File provider
- Local provider
- Multifactor authentication (MFA)
- Single sign-on overview
- Multi-instance active directory
- LDAP public keys
- Managing Active Directory providers
  - Configure an Active Directory provider
  - Modify an Active Directory provider
  - Delete an Active Directory provider
  - Active Directory provider settings
- Managing LDAP providers
  - Configure an LDAP provider
  - Modify an LDAP provider
  - Delete an LDAP provider
  - LDAP query settings
  - LDAP advanced settings
- Managing NIS providers
  - Configure an NIS provider
  - Modify an NIS provider
  - Delete an NIS provider
- Managing MIT Kerberos authentication
  - Managing MIT Kerberos realms
  - Managing MIT Kerberos providers
  - Managing MIT Kerberos domains
- Managing file providers
  - Configure a file provider
  - Generate a password file
  - Password file format
  - Group file format
  - Netgroup file format
  - Modify a file provider
  - Delete a file provider
- Managing local users and groups
  - View a list of users or groups by provider
  - Create a local user
  - Create a local group
  - Naming rules for local users and groups
  - Modify a local user
  - Modify a local group
  - Delete a local user
  - Delete a local group
  - Configure a login delay
  - Set a concurrent session limit
  - Set a new user account to disable when inactive
  - Set an existing user account to disable when inactive
  - Configure minimum password requirements
  - Configure the password hash type
  - Set password expiration
  - Set minimum new password changes
  - Set lock users criteria
  - Reset a user password
- Managing SSO
  - Configure the Identity Provider to communicate with OneFS
  - Configure the SSO UPN/Kerberos Principal Name SAML NameID
  - Configure the SSO Windows Qualified Domain Name SAML NameID
  - Configure SSO in OneFS
  - Enable and test SSO
Administrative roles and privileges
- Role-based access
- Roles
  - Custom roles
  - OneFS roles
- Privileges
- Managing roles
Identity management
- Identity management overview
- Identity types
- Access tokens
- Access token generation
- Managing ID mappings
- Managing user identities
Home directories
- Home directories overview
- Home directory permissions
- Authenticating SMB users
- Home directory creation through SMB
- Home directory creation through SSH and FTP
- Home directory creation in a mixed environment
- Interactions between ACLs and mode bits
- Default home directory settings in authentication providers
- Supported expansion variables
- Domain variables in home directory provisioning
Data access control
- Data access control overview
- ACLs
- UNIX permissions
- Mixed-permission environments
  - NFS access of Windows-created files
  - SMB access of UNIX-created files
- Managing access permissions
File sharing
- File sharing overview
  - Mixed protocol environments
  - Write caching with SmartCache
    - Write caching for asynchronous writes
    - Write caching for synchronous writes
- SMB security
- NFS security
- FTP
  - Enable and configure FTP file sharing
- HTTP and HTTPS security
  - Enable and configure HTTP
File filtering
- File filtering in an access zone
- Enable and configure file filtering in an access zone
- Modify file filtering settings in an access zone
- View file filtering settings
Auditing
- Auditing overview
- Syslog
- Syslog forwarding and TLS
- OpenBSM service
- Protocol audit events
- Audit log purging
- Managing audit settings
- Integrating with the Common Event Enabler
- Tracking the delivery of protocol audit events
Snapshots
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Best practices for creating snapshots
- Best practices for creating snapshot schedules
- File clones
  - Shadow-store considerations
- Snapshot locks
- Snapshot reserve
- Writable snapshots
- SnapshotIQ license functionality
- Creating snapshots with SnapshotIQ
  - Create a SnapRevert domain
  - Create a snapshot schedule
  - Create a snapshot
  - Snapshot naming patterns
- Managing snapshots
  - Reducing snapshot disk-space usage
  - Delete snapshots
  - Modify snapshot attributes
  - Assign a snapshot alias to a snapshot
  - View snapshots
  - Snapshot information
- Restoring snapshot data
  - Revert a snapshot
  - Restore a file or directory using Windows Explorer
  - Restore a file or directory through a UNIX command line
  - Clone a file from a snapshot
- Managing snapshot schedules
  - Modify a snapshot schedule
  - Delete a snapshot schedule
  - View snapshot schedules
- Managing snapshot aliases
  - Configure a snapshot alias for a snapshot schedule
  - Assign a snapshot alias to a snapshot
  - Reassign a snapshot alias to the live file system
  - View snapshot aliases
  - Snapshot alias information
- Managing with snapshot locks
  - Create a snapshot lock
  - Modify a snapshot lock expiration date
  - Delete a snapshot lock
  - Snapshot lock information
- Configure SnapshotIQ settings
  - SnapshotIQ settings
- Set the snapshot reserve
- Managing changelists
  - Create a changelist
  - Delete a changelist
  - View a changelist
  - Changelist information
Deduplication with SmartDedupe
- Deduplication overview
- Deduplication jobs
- Data replication and backup with deduplication
- Snapshots with deduplication
- Deduplication considerations
- Shadow-store considerations
- SmartDedupe license functionality
- Managing deduplication
Data replication with SyncIQ
- SyncIQ data replication overview
- Replication policies and jobs
- Replication snapshots
  - Source cluster snapshots
  - Target cluster snapshots
- Data failover and failback with SyncIQ
- Recovery times and objectives for SyncIQ
  - RPO Alerts
- Replication policy priority
- SyncIQ license functionality
- Replication for nodes with multiple interfaces
- Restrict SyncIQ source nodes
- Creating replication policies
- Managing replication to remote clusters
- Initiating data failover and failback with SyncIQ
- Performing disaster recovery for older SmartLock directories
  - Recover SmartLock compliance directories on a target cluster
  - Migrate SmartLock compliance directories
- Managing replication policies
- Managing replication to the local cluster
- Managing replication performance rules
- Managing replication reports
- Managing failed replication jobs
Data Encryption with SyncIQ
- SyncIQ data encryption overview
- SyncIQ traffic encryption
- Per-policy throttling overview
- SyncIQ encrypted connection
  - Activate SyncIQ license
  - Enable SyncIQ encryption
- Manage certificates for target clusters
- Manage certificates for source clusters
- Manage SyncIQ policies with encryption enabled
Data Transfer with Datamover (SmartSync)
- Dell PowerScale Datamover (SmartSync) overview
Data layout with FlexProtect
- FlexProtect overview
- File striping
- Requested data protection
- FlexProtect data recovery
  - Smartfail
  - Node failures
- Requesting data protection
- Requested protection settings
- Requested protection for disk space usage
Large file size support
- Large file support
- Feature enablement requirements
- Restrictions after enabling large file support
NDMP backup and recovery
- NDMP backup and recovery overview
- NDMP two-way backup
- NDMP three-way backup
- Support for NDMP sessions on Generation 6 hardware
- Setting preferred IPs for NDMP three-way operations
- NDMP multi-stream backup and recovery
- Snapshot-based incremental backups
- NDMP backup and restore of SmartLink files
- NDMP protocol support
- Supported DMAs
- NDMP hardware support
- NDMP backup limitations
- NDMP performance recommendations
- Excluding files and directories from NDMP backups
- Configuring basic NDMP backup settings
  - Configure and enable NDMP backup
  - View NDMP backup settings
  - Disable NDMP backup
- Managing NDMP user accounts
  - Create an NDMP administrator account
  - View NDMP user accounts
  - Modify the password of an NDMP administrator account
  - Delete an NDMP administrator account
- NDMP environment variables overview
  - Managing NDMP environment variables
  - NDMP environment variable settings
  - Add an NDMP environment variable
  - View NDMP environment variables
  - Edit an NDMP environment variable
  - Delete an NDMP environment variable
  - NDMP environment variables
  - Setting environment variables for backup and restore operations
- Managing NDMP contexts
  - NDMP context settings
  - View NDMP contexts
  - Delete an NDMP context
- Managing NDMP sessions
  - NDMP session information
  - View NDMP sessions
  - Abort an NDMP session
- Managing NDMP Fibre Channel ports
  - NDMP backup port settings
  - Enable or disable an NDMP backup port
  - View NDMP backup ports
  - Modify NDMP backup port settings
- Managing NDMP preferred IP settings
  - Create an NDMP preferred IP setting
  - Modify an NDMP preferred IP setting
  - List NDMP preferred IP settings
  - View NDMP preferred IP settings
  - Delete NDMP preferred IP settings
- Managing NDMP backup devices
  - NDMP backup device settings
  - Detect NDMP backup devices
  - View NDMP backup devices
  - Modify the name of an NDMP backup device
  - Delete an entry for an NDMP backup device
- NDMP dumpdates file overview
  - Managing the NDMP dumpdates file
  - NDMP dumpdates file settings
  - View entries in the NDMP dumpdates file
  - Delete entries from the NDMP dumpdates file
- NDMP restore operations
  - NDMP parallel restore operation
  - NDMP serial restore operation
  - Specify a NDMP serial restore operation
- Sharing tape drives between clusters
- Managing snapshot based incremental backups
  - Enable snapshot-based incremental backups for a directory
  - View snapshots for snapshot-based incremental backups
  - Delete snapshots for snapshot-based incremental backups
- Managing cluster performance for NDMP sessions
  - Enable NDMP Redirector to manage cluster performance
- Managing CPU usage for NDMP sessions
  - Enable NDMP Throttler
File retention with SmartLock
- SmartLock overview
- Compliance mode
- Enterprise mode
- SmartLock directories
- Replication and backup with SmartLock
- SmartLock license functionality
- SmartLock considerations
- Set the compliance clock
- View the compliance clock
- Creating a SmartLock directory
- Managing SmartLock directories
- Managing files in SmartLock directories
Protection domains
- Protection domains overview
- Protection domain considerations
- Create a protection domain
- Delete a protection domain
Data-at-rest-encryption
- Data-at-rest encryption overview
- Self-encrypting drives
- Data security on self-encrypting drives
- Data migrations and upgrades to a cluster with self-encrypting drives
- Enabling external key management
- Migrate nodes and SEDs to external key management
- Chassis and drive states
- Smartfailed drive REPLACE state
- Smartfailed drive ERASE state
S3 Support
- S3
  - S3 concepts
- Server Configuration
- Bucket handling
  - Managing buckets
- Object handling
- Authentication
- Access key management
  - Managing keys
SmartQuotas
- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
  - Create an accounting quota
  - Create an enforcement quota
- Managing quotas
- Managing quota notifications
- Email quota notification messages
  - Custom email notification template variable descriptions
  - Customize email quota notification templates
- Managing quota reports
- Basic quota settings
- Advisory limit quota notification rules settings
- Soft limit quota notification rules settings
- Hard limit quota notification rules settings
- Limit notification settings
- Quota report settings
Storage Pools
- Storage pools overview
- Storage pool functions
- Autoprovisioning
- Node pools
  - Node compatibilities
  - Compatibility restrictions
  - Manual node pools
- Virtual hot spare
- Spillover
- Suggested protection
- Protection policies
- SSD strategies
- Other SSD mirror settings
- Global namespace acceleration
- L3 cache overview
  - Migration to L3 cache
  - L3 cache on archive-class node pools
- Tiers
- File pool policies
  - FilePolicy job
- Managing node pools in the web administration interface
  - Add node pools to a tier
  - Change the name or requested protection of a node pool
  - Create a node class compatibility
  - Merge compatible node pools
  - Delete a node class compatibility
  - Create an SSD compatibility
  - Delete an SSD compatibility
- Managing L3 cache from the web administration interface
  - Set L3 cache as the default for node pools
  - Set L3 cache on a specific node pool
  - Restore SSDs to storage drives for a node pool
- Managing tiers
  - Create a tier
  - Edit a tier
  - Delete a tier
- Creating file pool policies
  - Create a file pool policy
  - File-matching options for file pool policies
  - Valid wildcard characters
  - SmartPools settings
- Managing file pool policies
  - Configure default file pool protection settings
  - Default file pool requested protection settings
  - Configure default I/O optimization settings
  - Default file pool I/O optimization settings
  - Modify a file pool policy
  - Prioritize a file pool policy
  - Create a file pool policy from a template
  - Delete a file pool policy
- Monitoring storage pools
  - Monitor storage pools
  - View subpools health
  - View the results of a SmartPools job
Pool-based tree reporting in FSAnalyze (FSA)
- FSAnalyze (FSA)
- Pool-based tree reporting in FSAnalyze (FSA)
System jobs
- System jobs overview
- System jobs library
- Job operation
- Job performance impact
- Job priorities
- Managing system jobs
- Managing impact policies
- Viewing job reports and statistics
  - View statistics for a job in progress
  - View a report for a completed job
Networking
- Networking overview
- About the internal network
  - Internal IP address ranges
  - Internal network failover
- About the external network
- Configuring the internal network
- Managing IPv6
- Managing groupnets
- Managing external network subnets
- Managing IP address pools
- Managing SmartConnect Settings
- Managing network interface members
  - Add or remove a network interface
  - Configure link aggregation
    - Link aggregation modes
    - Link aggregation mapping
- Managing node provisioning rules
- Managing routing options
  - Enable or disable source-based routing
  - Add or remove a static route
- Managing DNS cache settings
- Managing host-based firewalls
- Managing TCP ports
  - Add or remove TCP ports
NFSoRDMA
- RDMA support for NFSoRDMA
- Enable NFSoRDMA
- Disable NFSoRDMA
- View interface details of a node
- View IP address pool details
- Create an IP address pool with NFSoRDMA capabilities
- Modify an existing IP address pool
Smart QoS
- Smart QoS
- Workload monitoring
- Create a standard dataset
- Pin a workload
  - View a pinned workload
  - Unpin a workload
- Throttle a workload
  - Modify a workload throttle
  - Remove a workload throttle
- Additional information
Antivirus
- Antivirus overview
- On-access scanning
- ICAP Antivirus policy scanning
- Individual file scanning using ICAP
- WORM files and antivirus
- Antivirus scan reports
- ICAP servers
- CAVA servers
- ICAP threat responses
- CAVA threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Managing CAVA servers
- Create an antivirus policy
- Managing ICAP antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports
  - View antivirus reports
  - View antivirus events
File System Explorer
- File System Explorer overview
- Browse the file system
- Create a directory
- Modify file and directory properties
- View file and directory properties
- File and directory properties

PDF

Loading, Please wait

Single sign-on overview

OneFS supports single sign-on (SSO) authentication to the WebUi using a third-party system as the SSO Identity Provider.

SSO enables a user to access multiple independent systems after authenticating to an Identity Provider.

NOTE:Configuring OneFS to participate in SSO is not the same as configuring OneFS to use an external authentication provider domain to authenticate users. For that solution, see the section "Supported authentication providers".

Two components are involved in the SSO solution.

The Service Provider (SP) provides services to users. Users must authenticate to gain access. If SSO is configured, the Service Provider sends requests for authentication to an external system rather than prompting the user for credentials.
The Identity Provider (IdP) is the external system that performs authentication on behalf of other systems.
NOTE:The IdP is external to OneFS and is not provided by Dell.

In the OneFS SSO solution:

OneFS is the SP that forwards authentication requests to a third-party IdP.
In OneFS, the verified IdP is Active Directory Federation Services (ADFS). Other IdPs may work.

The SSO configuration procedures describe how to configure OneFS and ADFS to work together to provide SSO authentication. Each system needs information about the other one. The procedures assume that you are using ADFS as the IdP and that you already have it configured and running.

SSO user experience by access zone

OneFS SSO is configured and enabled separately for each access zone.

SSO is configured separately for each access zone. Each access zone can have SSO enabled or disabled separately. For each access zone that has SSO enabled, you must configure an IdP You can use the same or different IdP for each zone. Each zone can have only one IdP.

When SSO is enabled on a zone, the Log in with SSO link appears on the OneFS WebUI login screen. When a user clicks that link, OneFS sends a SAML request to the SSO IdP. One of the following occurs:

If the user has already logged into the SSO IdP, the IdP returns an authentication token to OneFS. The user gains access to the OneFS home screen.
If the user has not logged into the SSO IdP, the user is redirected to the IdP login screen and logs in. If the login is successful, the IdP returns an authentication token to OneFS. The user gains access to the OneFS home screen.

If the signing certificate required for communicating with the IdP expires, OneFS disables SSO. An authorized administrator can regenerate an expired certificate on the WebUI, using Access > Authentication providers > SSO > <access-zone>.

SSO with MFA

To combine single sign-on with multifactor authentication (MFA), you must configure the MFA feature in the IdP, rather than in OneFS.

Data is not available for the Topic

Rate this content

All fields are required unless marked otherwise.

Accurate

not accurate

somewhat accurate

mostly accurate

accurate

very accurate

Useful

not useful

somewhat useful

mostly useful

useful

very useful

Easy to understand

not easy

somewhat easy

mostly easy

easy

very-easy

Was this article helpful?

Yes

No

Send us feedback (Optional)

0/3000 characters

Comments cannot contain these special characters: <>()\

Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.

Please provide ratings (1-5 stars).

Please provide ratings (1-5 stars).

Please provide ratings (1-5 stars).

Please select whether the article was helpful or not.

Comments cannot contain these special characters: <>()\

Account

My Account
Order Status
My Products
Make a Payment
Dell Rewards Balance

Support

Support Home
Contact Technical Support
Returns

Connect with Us

Community
Contact Us
X (Twitter)
LinkedIn
Instagram
YouTube

Our Offerings

Artificial Intelligence
Products
Solutions
Services
Deals

Our Company

Who We Are
Careers
Dell Technologies Capital
Investors
Newsroom
Perspectives
Recycling
ESG & Impact
Customer Stories

Our Partners

Find a Partner
Find a Reseller
OEM Solutions
Partner Program

Resources

Blog
Dell Rewards
Events
Email Sign-Up
Dell Learning Center
Glossary
Privacy Center
Resource Library
Security & Trust Center
Trial Software Downloads

Dell Technologies
Dell Premier
Dell Financial Services

Copyright © 2024 Dell Inc.
Terms of Sale
Privacy Statement
Do Not Sell or Share My Personal Information
Cookies, Ads & Emails
Legal & Regulatory
Accessibility
Anti-Slavery & Human Trafficking