A guest post by Jodey Hogeland & Michael Aharon

This past May at Dell Technologies World, PowerStore OS 3.5 was announced. With this software update, Dell PowerStore gained several key capabilities and over the next several weeks I will overview these new capabilities with a bit more technical detail.

Joining me for this technical update series is Michael Aharon. Michael Aharon is an Advisory Solutions Consultant within Dell Technologies Storage, Platforms and Solutions team in Canada, specializing in Dell Primary Storage portfolio. He has been with the company for 12 years and holds multiple Dell/EMC specific as well as other industry certifications. Michael has over 20 years of experience in a variety of technical roles and is a frequent speaker at technical forums, such as Dell Technologies and VMware User Group forums.

Dell Technologies World 2023

We just concluded our annual Dell Technologies World conference in Las Vegas and this year over 12K+ technology professionals attending the event.

Obviously, this is the time of the year when we announce a ton of new products, features, integrations and partnerships. The main themes included announcements around APEX aaS integrations and partnerships, IaC and Containers, Security and several others.

PowerStore OS 3.5 Announced

Let’s highlight and draw your attention to one of the key announcements around Dell PowerStore.

Dell PowerStore is an enterprise-class, NVMe All Flash storage solution that supports Dell customers mission critical applications. Over the course of last three years, since Dell introduced PowerStore, customer have continually gained increased features and functionality that ensures customers receive the most value.

In 3.5, one feature that customers gain is support for Secure Snapshots. PowerStore has supported immutable snapshots since its inception. Immutable snapshots are read only, point in time protection of a source resources like volumes or volume groups. PowerStore snapshots are space efficient, and leverage Redirect on Write technology.

PowerStore Secure Snapshots

Setting up PowerStore local and remote protection (snapshotting / replication) is simple and uses a management mechanism called Protection Policies. Customers can simply configure a Protection Policy with local protection (snapshot) schedules and remote protection (replication) schedules and apply this Protection Policy to a resource they need to protect. You can have multiple Protection Policies with different schedules configured, depending on the requirements for local and remote protection of various resources within customer’s environment.

The diagram to the right demonstrates the use of redirect on write technology used with PowerStore Snapshots.

Since immutable snapshots are Read Only, customers can use them to recover in the event of source resource corruption or for any other reason. Remember, immutable snapshots in PowerStore cannot be modified, mounted, or manipulated.

However, these immutable snapshots could be “deleted.” This is one of the reasons why Dell is introducing Secure Snapshots. Secure Snapshots (non-deletable) protect customers from accidental or malicious deletion by a user with elevated privileges on the system, or potentially a ransomware attack. This feature allows PowerStore customers to apply a compliance level retention of snapshots.

This is not “just” an anti-ransomware conversation. Customers often have periods of time where particular data sets require compliance level retention. Think of scenarios like legal holds, mandatory court ordered preservation, regulatory compliance, etc. Because this capability is a compliance level retention, it secondarily benefits systems that have been compromised by preventing the removal of recoverable data.

In the 3.5 release, Secure Snapshots support protecting volumes and volume groups only, and still follow the same workflow of configuring and applying Protection Policies. When a Protection Policy is configured to create Secure Snapshots, administrators need to define a retention time. This retention time is the period of time that the snapshot will remain active. Retention time is the only mechanism available to expire Secure Snapshots. If there is a need to extend the retention time for a specific use case, it can be done, however the opposite is not possible.

Customers can use the Secure Snapshot feature as well as Read Only immutable snapshots and create a comprehensive schedule that will protect their environment against accidental or malicious activities.

How to setup Secure Snapshots

There are couple of ways to take a Secure Snapshot in the PowerStore Manager GUI.

One option is to select a volume under the Storage tab and then select the Protect dropdown menu. Several options will be enabled and one of the options will be Create Snapshot.

PowerStore environments running 3.5 will now have the Retain Until period and the Secure Snapshot checkbox.

For clusters running PowerStore version 3.5 and above, all secure snapshots that are generated on the local system are replicated as secure to the remote cluster.

If the destination cluster is running a PowerStore version below 3.5, secure snapshots are replicated as regular snapshots on that cluster. This means that the snapshot rule on the destination cluster will not maintain the “Secure Snapshot” retention since it is not running 3.5 or higher. If failover occurs on a cluster running PowerStore version below 3.5, secure snapshots are not created for the storage resource.

Another way to create a Secure Snapshot is to go into the Volume properties and select Create Snapshot under the Protection – Snapshots tab.

Remember that using the Volume properties screen to create a Secure Snapshot is a one-off process. The recommended method is to create a Protection Policy. The advantage of having a Protection Policy is the ability to re-use it multiple times by applying it to different resources that need the same level of local protection.

Using Protection Policies for Secure Snapshots

Navigate to the Protection tab and select “Protection Policies.”

Clicking the “Create” button will allow you to create up to four different Snapshot Rules in a single Protection Policy.

In this example we will create a snapshot rule named “Secure_Snap_1x_Daily” that happen once every 24 hours and will have an expiration / retention of seven days.

It should be understood that administrators should have a solid understanding of the data retention requirements before applying Secure Snapshots. The Secure Snaps will lock the data in the snapshot for the entirety of the retention period which physically consumes space. Customers should have an understanding of their data growth patterns, space requirements, available space, etc. before implementing any long term Secure Snapshots.

Remember that snapshots are tied to the volume that they are associated with. This means that any volume with existing Secure Snapshots cannot be deleted until the retention period has expired.

Recycle Bin Option

Another feature added to the 3.5 release is the ability to have removed objects placed in a recycle bin. We all know that mistakes can happen and in the event that a volume is attempting to be removed the Recycle Bin feature comes into effect.

Administrators with systems running PowerStore OS 3.5 can customize the default Recycle Bin expiration duration in the “Settings” screen within PowerStore Manager.

As you can see in the image above, the expiration duration setting can be easily modified to meet the needs and requirements of customer environments. This setting will prevent immediate removal of the object and send it to the Recycle Bin until the expiration duration.

Here is what happens when trying to delete a volume with the Recycle Bin feature.

Note that administrators can bypass the Recycle Bin by selecting the “Skip Recycle Bin and permanently delete” option if they desire. However, if the “Skip” box remains unchecked the deleted volume will be added to the Recycle Bin. In this case we are going to delete the volume “Test_Jodey”.

To view the contents of the Recycle Bin an administrator can navigate to the Storage tab at the top of PowerStore Manager.

We can see that the deleted “Test_Jodey” volume is now in the Recycle Bin and not yet permanently deleted. At this point the deleted volume can either be recovered or permanently expired.

Louie Sasa has provided a nice Recycle Bin / 3.5 detailed post on the Dell Technologies Info Hub site.

More Information

Leave a ReplyCancel reply