So far, we have covered the following aspects of Dell EMC PowerStore: High Level Overview, Hardware, AppsON, and vVols. So now it’s time to move to something “completely different”, as they once said.
Dell EMC™ PowerStore™ offers a native file solution that is designed for the modern data center. The file system architecture is designed to be highly scalable, efficient, performance-focused, and flexible.
PowerStore also includes a rich supporting feature set, enabling the ability to support a wide array of use cases such as departmental shares or home directories. These file capabilities are integrated, so no extra hardware, software, or licenses are required. File management, monitoring, and provisioning capabilities are handled through the simple and intuitive HTML5-based PowerStore Manager.
PowerStore achieves new levels of operational simplicity and agility. It uses a container-based microservices architecture, advanced storage technologies, and integrated machine learning to unlock the power of your data. PowerStore is a versatile platform with a performance-centric design that delivers multidimensional scale, always-on data reduction, and support for next-generation media.
PowerStore brings the simplicity of public cloud to on-premises infrastructure, streamlining operations with an integrated machine-learning engine and seamless automation. It also offers predictive analytics to easily monitor, analyze, and troubleshoot the environment. PowerStore is highly adaptable, providing the flexibility to host specialized workloads directly on the appliance and modernize infrastructure without disruption. It also offers investment protection through flexible payment solutions and data-in-place upgrades.
PowerStore features a native file solution that is highly scalable, efficient, performance-focused, and flexible.
This design enables accessing data over file protocols such as Server Message Block (SMB), Network File System (NFS), File Transfer Protocol (FTP), and SSH File Transfer Protocol (SFTP).
PowerStore uses virtualized NAS servers to enable access to file systems, provide data segregation, and act as the basis for multi-tenancy. File systems can be accessed through a wide range of protocols and can take advantage of advanced protocol features. Services such as anti-virus, scheduled snapshots, and Network Data Management Protocol (NDMP) backups ensure that the data on the file systems is well protected.
PowerStore file is available natively on PowerStore T model appliances, which are designed as true unified storage systems. There are no extra pieces of software, hardware, or licenses required to enable this functionality. All file management, monitoring, and provisioning capabilities are available in the HTML5-based PowerStore Manager.
Why PowerStore File?
Natively available on the PowerStore platform
- Takes full advantage of PowerStore architecture – inline data efficiencies, NVMe, etc.
- Designed for high availability and consistent performance
- Single interface for management and monitoring of your block and file environment
Rich and mature data services
- Integration points with many NAS protocols and services
- Easily shrink and grow file systems on-demand
- Leverage quotas to limit capacity consumption
- Improve data efficiency with always-on compression and deduplication
- Leverage snapshots and thin clones for file restores and data repurposing
PowerStore File enables clients to access data over file protocols:
- Server Message Block (SMB)
- Network File System (NFS)
- File Transfer Protocol (FTP)
- SSH File Transfer Protocol (SFTP)
File is only available on PowerStore T model appliances
File functionality is natively available on PowerStore T model appliances
- No additional software, hardware, or licenses are required
- Runs as a docker container
File management, monitoring, and provisioning are done in the PowerStore Manager GUI
File upgrades are included as part of the overall PowerStore upgrade process
PowerStore T model appliances can be configured as Block Optimized or Unified (block and file)
- Selection determines resource allocation on the appliance
- PowerStore X model appliances do not have this option as they do not support NAS
This screenshot shows the NAS installation process that is started after the cluster creation completes.
File functionality is only available on the master appliance in the cluster
- Remaining appliances are configured as Block Optimized
Only the capacity on the master appliance is available for File
- Capacity available on other appliances within the same cluster can be used for volumes and vVols
Both nodes on the master appliance are used for File
- Active/active architecture enables load balancing and high availability
NAS servers enable access to the data on file systems
- Contains protocol and environmental configuration
- Required before creating file systems
NAS servers are used to enforce multi-tenancy
- NAS Servers are logically segregated from each other
- Clients of one NAS Server do not have access to data on other NAS Servers
- IP multi-tenancy is not available
Each NAS server has its own independent configuration
- E.g., DNS, LDAP, NIS, interfaces, protocols, etc.
This screenshot shows how to create a new NAS server.
NAS Server Management
After a NAS server is configured, its settings can be modified at any time. When navigating to the properties of a NAS server, there are multiple cards displayed including Network, Naming Services, Sharing Protocols, NDMP, Kerberos, Antivirus, and Alerts.
Function—When a file is written and saved (scan on update) or the first read (scan on read), PowerStore places a block on that file until virus checking has been performed. It immediately issues a remote procedure call (RPC) to a virus-checking engine. This could be a single engine or many, depending on the volume of data being protected—thus providing a highly scalable solution. Because PowerStore can easily use multiple virus-checking servers, the performance impact of virus checking with the system is a small fraction of the total throughput of the system and of systems that use a single virus-checking server (see “Scalability” below).
On receipt of the request, an access is initiated from a filter driver, and the virus-checking server performs a standard check on the file. Understand that standard virus checkers request only a small amount of data (signatures of a few kilobytes each) to establish the presence of a virus, so the overhead is relatively small. The exception to this is with compressed files, in which case the entire file must be shipped across the network. The implementation may be through the normal user network; in the case of heavy-load environments, you may wish to dedicate a network interface to the virus-checking server farm. If a virus is detected, the user and the Administrator will see a customizable pop-up message.
The scan-on-read functionality is triggered when a file is opened for read that was last scanned before a set “access time.” This “access time” is typically set when a new virus-definition file is loaded to rescan old files (once) that may contain undetected viruses. You may also wish, under certain circumstances, to run anti-virus in scan-on-read mode—for instance, after a restore of data that may be infected with a latent virus, or following migration from a general-purpose NT server onto a PowerStore system.
Scalability—You can scale the solution by adding virus-checking servers as required. Your server vendors should be able to provide you with an understanding of how many dedicated servers you would need. You can also use different server types (e.g., McAfee, Symantec, Trend Micro, CA, Sophos and Kaspersky) concurrently, as per their original anti-virus implementation.
Performance of anti-virus solutions tends to be measured in server overhead, and comes with the typical “your mileage may vary” qualification, depending on application and workload.
NAS Server Interfaces
NAS server interfaces are configured on the first two bonded ports on the 4-port card. Ping can be used to test connectivity to other devices for troubleshooting purposes. Also, custom host and network routes can be configured for each NAS server interface.
NAS server interfaces cannot reside on the same VLAN as the storage network.
One interface is designated as the preferred interface for outgoing communication to external services.
- NFSv4 – 4.1
- Secure NFS
SMB – Standalone or Domain Joined
- SMB3 – 3.1.1
Multiprotocol – Access using both SMB and NFS simultaneously
- Automatically enabled when both the SMB and NFS protocols are enabled on the NAS Server
NFSv3 is not considered to be a secure protocol since it’s designed to trust the host to authenticate users, build their credentials, and transfer them over the network in clear text.
For security-conscious customers, Secure NFS can be used instead. This enables secure data transmission by using Kerberos instead of individual clients for authentication.
There are three supported modes for Secure NFS:
- krb5 – Use Kerberos for authentication only
- krb5i – Use Kerberos for authentication and include a hash to ensure data integrity
- krb5p – Use Kerberos for authentication, include a hash, and encrypt the data in-flight
In order to configure Secure NFS, the NAS server must meet these requirements:
- DNS must be configured
- UNIX Directory Service must be configured
Kerberos realm must be configured
- If an AD-joined SMB server exists on the NAS Server, that Kerberos realm can be used
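A client-side check for the three Secure NFS modes above, as an added example that is not part of the original post or of PowerStore: it reads Linux `/proc/mounts`-style lines and reports which protections each NFS mount lacks. The sample lines, host names and paths are constructed.

```python
# Constructed /proc/mounts-style sample (hosts and paths are made up).
SAMPLE_MOUNTS = """\
nas01.example.test:/fs_home /mnt/home nfs4 rw,relatime,vers=4.1,sec=krb5p,clientaddr=192.0.2.10 0 0
nas01.example.test:/fs_scratch /mnt/scratch nfs rw,relatime,vers=3,sec=sys,mountaddr=192.0.2.20 0 0
nas01.example.test:/fs_proj /mnt/proj nfs4 rw,relatime,vers=4.1,sec=krb5,clientaddr=192.0.2.10 0 0
nas01.example.test:/fs_fin /mnt/fin nfs4 ro,relatime,vers=4.1,sec=krb5i,clientaddr=192.0.2.10 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

# What each sec= flavor provides: sys plus the three Secure NFS modes.
FLAVORS = {
    "sys":   {"kerberos_auth": False, "integrity": False, "encryption": False},
    "krb5":  {"kerberos_auth": True,  "integrity": False, "encryption": False},
    "krb5i": {"kerberos_auth": True,  "integrity": True,  "encryption": False},
    "krb5p": {"kerberos_auth": True,  "integrity": True,  "encryption": True},
}
# A missing or unrecognised flavor is treated as providing nothing.
UNKNOWN = {"kerberos_auth": False, "integrity": False, "encryption": False}


def audit_nfs_mounts(mounts_text,
                     require=("kerberos_auth", "integrity", "encryption")):
    """Return one finding per NFS mount, listing the protections it lacks."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue  # not an NFS mount
        # "vers=4.1" -> ("vers", "4.1"); bare flags such as "rw" -> ("rw", "")
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        flavor = opts.get("sec", "unknown")
        props = FLAVORS.get(flavor, UNKNOWN)
        findings.append({
            "mountpoint": fields[1],
            "vers": opts.get("vers"),
            "sec": flavor,
            "missing": [r for r in require if not props[r]],
        })
    return findings


if __name__ == "__main__":
    for f in audit_nfs_mounts(SAMPLE_MOUNTS):
        status = "OK" if not f["missing"] else "lacks " + ", ".join(f["missing"])
        print(f"{f['mountpoint']:<14} vers={f['vers']} sec={f['sec']:<6} {status}")
```

On a real client, pass the contents of `/proc/mounts` instead of the sample string.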
NAS Server High Availability
In the event of a PowerStore node failure, NAS Servers automatically failover from one node to the other. The failover process generally completes within 30 seconds on most moderate-sized configurations to avoid host timeouts. NAS servers are also automatically moved to the peer node and back again during the upgrade process. Note that after recovering from a reboot or failure, failing back the NAS servers is a manual process.
When creating new NAS servers, they are automatically assigned to the nodes in round-robin fashion. All file systems that are associated with a NAS server are served by the NAS server’s current node.
There are two properties available in PowerStore Manager:
- The Current Node indicates the node that the NAS server is currently running on. Changing a NAS server’s current node moves the NAS server to run on a different node.
- The Preferred Node indicates the node that the NAS server should ideally be running on. This acts as a marker that is based on the round-robin algorithm when the NAS server was first provisioned, which can be used for failback purposes. This property never changes after a NAS server is provisioned.
This screenshot shows how to move a NAS server to run on a different node.
NDMP is a backup and recovery protocol that is used to transfer data between file systems and backup targets.
There are two components in an NDMP configuration:
- Primary Storage – Source system to be backed up, such as PowerStore
- Data Management Application (DMA) – Backup application that orchestrates the backup sessions, such as Dell EMC NetWorker
- Secondary Storage – The backup target, such as PowerProtect
PowerStore supports 3-way NDMP backups. 3-way NDMP transfers both the metadata and backup data over the LAN. 2-way NDMP is not supported.
Both full and incremental backups are supported on PowerStore file systems.
With 3-way NDMP, both the data and metadata are transferred over the LAN. The backup data is first transferred to the DMA and then sent to the Secondary Storage.
In order to configure NDMP, navigate to the NAS server properties > Protection & Events > NDMP Backup.
A file system can be created once a NAS Server is available
- Once created, file systems cannot be moved from one NAS Server to another
The file system creation wizard prompts for:
- NAS Server
File System Details
- Description (optional)
NFS Export Details (if enabled on the NAS Server)
- Description (optional)
- NFS access configuration
SMB Share Details (if enabled on the NAS Server)
- Description (optional)
- Advanced SMB options
- Protection Policy
Advanced SMB Settings (File System)
- Sync Writes Enabled – Synchronous writes are required when using SMB shares for databases
- Oplocks Enabled (Default) – Allows SMB clients to buffer file data locally before sending to the system
- Notify on Write Enabled – Enables applications to be notified using the Windows API when files are written
- Notify on Access Enabled – Enables applications to be notified using the Windows API when files are accessed
- Advanced SMB Settings (Share)
- Continuous Availability (SMB3) – Allows persistent access to the share without loss of the session state
- Protocol Encryption (SMB3) – Encrypts data in-flight between clients and the system
- Access-Based Enumeration – Restricts the display of files and folders based on the user’s access privileges
- Branch Cache Enabled – Allows users to access data stored on a remote NAS Server without traversing the WAN
Offline Availability – Determines if users can cache a copy of the share for offline access
- None (Default)
- UMASK (022 Default) – Bitmask that enables the ability to control the default UNIX permissions for newly created files and folders
Minimum Security – Minimum security allowed when connecting to the NFS export
- Sys – Allows clients with standard NFS security to connect
- Kerberos – Allows clients using any Kerberos flavor to connect
- Kerberos with Integrity – Allows clients that have Kerberos with data integrity or encryption to connect
- Kerberos with Encryption – Allows clients that have Kerberos with encryption enabled to connect
- Access Levels – The access level for NFS clients
- No Access – Access is denied
- Read/Write – Users have read/write access to the export
- Read-Only – Users have read-only access to the export
- Read/Write, allow Root – Users have read/write access and root has root privileges on the export
- Read-Only, allow Root – Users have read-only access and root has root privileges on the export
When configuring access for NFS, you can configure a Default Access option. This configures the access level for clients that are not explicitly listed in the export list.
You can configure the export list exceptions using hosts. Hostnames and IP addresses can be entered directly into the export list. Multiple hosts can also be entered simultaneously by separating them with a comma.
You can also configure the export list by importing a list of hosts and their respective access levels. The system provides a template to show the expected format. The CSV file should contain a list of hostnames or IP addresses along with the access level for each host. This feature is useful when configuring the same access settings for multiple NFS exports, even if they are on different clusters.
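How Minimum Security, the per-host access levels and Default Access combine, as an added example that is not PowerStore code: it loads a host list from CSV, resolves the access a given client would get, and flags settings worth reviewing. The two-column `host,access` layout is an assumption (the system's own template is not shown on this page), and the hosts are constructed.

```python
import csv
import io

# Client sec= flavor rank vs. the export's Minimum Security setting.
RANK = {"sys": 0, "krb5": 1, "krb5i": 2, "krb5p": 3}
MIN_SECURITY = {"Sys": 0, "Kerberos": 1,
                "Kerberos with Integrity": 2, "Kerberos with Encryption": 3}
ACCESS_LEVELS = {"No Access", "Read/Write", "Read-Only",
                 "Read/Write, allow Root", "Read-Only, allow Root"}

# Constructed host list; the column layout is assumed, not the real template.
SAMPLE_CSV = '''host,access
app01.example.test,Read/Write
192.0.2.50,"Read/Write, allow Root"
backup01.example.test,"Read-Only, allow Root"
192.0.2.66,No Access
'''


def load_export_list(text):
    """Parse host,access rows into {host: access}, rejecting unknown levels."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(text)):
        host, access = row["host"].strip().lower(), row["access"].strip()
        if access not in ACCESS_LEVELS:
            raise ValueError(f"{host}: unknown access level {access!r}")
        hosts[host] = access
    return hosts


def effective_access(export, client, flavor):
    """Access for one client: security floor first, then host entry or default."""
    if RANK[flavor] < MIN_SECURITY[export["min_security"]]:
        return "No Access"
    return export["hosts"].get(client.lower(), export["default_access"])


def audit_export(export):
    """List the settings a reviewer would want justified."""
    findings = []
    if export["default_access"] != "No Access":
        findings.append(f"default access {export['default_access']!r} "
                        "applies to every unlisted host")
    if export["min_security"] == "Sys":
        findings.append("minimum security Sys admits clients without Kerberos")
    for host, access in sorted(export["hosts"].items()):
        if access.endswith("allow Root"):
            findings.append(f"{host}: root keeps root privileges ({access})")
    return findings
```

An export is passed as a dict with `min_security`, `default_access` and `hosts` (the output of `load_export_list`); those key names are this example's own.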
File System Creation
File System Management
This screenshot shows the options for managing and monitoring an existing file system.
File System Shrink and Extend
File systems can be shrunk and extended at any time. Note that you cannot shrink the file system to a size that’s lower than the Used size.
Shrink and extend operations take effect immediately. You can see the changes as soon as you refresh the client.
The minimum size of a file system is 3GB and the maximum size is 256TB.
File System Metrics
There are file system level metrics available in PowerStore Manager and REST API. These metrics include latency, IOPS, bandwidth, and IO size.
The age of the data determines how granular the data is:
- Last Hour – 20 seconds
- Last Day – 5 minutes
- Last 2 Months – 1 hour
- Last 2 Years – 1 day
PowerStore Manager Metrics
This screenshot shows the file system metrics in PowerStore Manager.
File System Quotas
Quotas are available to regulate the capacity consumption on the file system.
User quotas limit the capacity consumed by an individual user on the file system. Since PowerStore file leverages a UNIX-based file system, these users are identified by their UNIX UID regardless of the actual access protocol.
Tree quotas limit the capacity consumed on a specific directory on the file system. All files in the directory and subdirectories contribute towards the limit.
Default quotas are applied to all users on the file system automatically. This negates the need to configure a user quota for every user. You can configure exceptions to the default as well.
You also can configure user quotas inside of a tree quota. This limits the capacity by specific users in a specific directory.
Soft and Hard Limits
Quotas have soft and hard limits. The soft limit is a limit that can be passed temporarily.
The grace period determines for how long the soft limit can be exceeded. Once the grace period expires, the user is prevented from writing any additional data. When this happens, they must free up space so that they are under the soft limit again before they are allowed to write.
The hard limit is an absolute limit on storage usage. Once the hard limit is reached, the user cannot write any additional data until space is freed up.
Quota settings can be managed on the storage system and also on Windows clients.
How Quotas Work
This screenshot shows how quotas work. In this example, data is being written to a directory with a tree quota on it. The file system usage is increasing and climbing towards the soft limit.
When the soft limit is reached, the grace period is invoked.
If the grace period expires and the soft limit is still exceeded, write requests from clients are denied. They must remove data to go under the soft limit again in order to write again.
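The soft limit, grace period and hard limit behaviour described above, modelled as a small state machine. This is an added example, not PowerStore code: sizes are in GB, times in seconds, and the handling at exactly the soft limit (grace starts once usage is above it and clears at or below it) is this example's choice.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Quota:
    soft: int                               # soft limit (GB)
    hard: int                               # hard limit (GB)
    grace: int                              # grace period (seconds)
    used: int = 0
    soft_exceeded_at: Optional[int] = None  # when usage first passed soft

    def write(self, size, now):
        """Return True if the write is accepted at time `now`."""
        over_soft = self.soft_exceeded_at is not None
        if over_soft and now - self.soft_exceeded_at >= self.grace:
            return False                    # grace expired, still over soft
        if self.used + size > self.hard:
            return False                    # hard limit is absolute
        self.used += size
        if self.used > self.soft and not over_soft:
            self.soft_exceeded_at = now     # grace period starts
        return True

    def delete(self, size):
        """Free space; dropping back to the soft limit resets the grace timer."""
        self.used = max(0, self.used - size)
        if self.used <= self.soft:
            self.soft_exceeded_at = None


def replay(quota, events):
    """Apply (op, size, time) events; return the outcome of each write."""
    results = []
    for op, size, now in events:
        if op == "write":
            results.append(quota.write(size, now))
        else:
            quota.delete(size)
    return results


# Constructed timeline: 80 GB soft, 100 GB hard, one-hour grace period.
EVENTS = [
    ("write", 70, 0),      # accepted, under soft
    ("write", 15, 10),     # accepted, 85 GB: grace starts at t=10
    ("write", 20, 20),     # denied, would pass the hard limit
    ("write", 5, 100),     # accepted, still inside grace
    ("write", 1, 3610),    # denied, grace expired
    ("delete", 5, 3620),   # 85 GB, still over soft
    ("write", 1, 3700),    # denied
    ("delete", 10, 3710),  # 75 GB, under soft again
    ("write", 1, 3800),    # accepted
]

if __name__ == "__main__":
    print(replay(Quota(soft=80, hard=100, grace=3600), EVENTS))
```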
This screenshot shows how to configure quotas, grace period, default settings, and an individual user quota.
Below, you can see a short demo of the PowerStore NAS UI
and a longer one..
A NAS MMC Plug-IN video
you can also download a white paper by clicking the screenshot below