Jump to main content

PowerScale OneFSHelp

OneFS Web Administration Guide
OneFS Event Reference Guide

OneFS Web Administration GuideThe OneFS Web Administration Guide describes how to activate licenses, configure network interfaces, manage the file system, provision block storage, run system jobs, protect data, back up the cluster, set up storage pools, establish quotas, secure access, migrate data, integrate with other applications, and monitor PowerScale clusters.
- About this guideThis guide describes how the PowerScale OneFS web administration interface provides access to cluster configuration, management, and monitoring functionality. For information about APEX File Storage Services, see the Dell Technologies APEX File Storage Services Administration Guide.
- Scale-out NAS overviewThe scale-out NAS storage platform combines modular hardware with unified software to harness unstructured data. The OneFS operating system powers the platform to deliver a scalable pool of storage with a global namespace.
- Where to get help
- PowerScale scale-out NASPowerScale OneFS combines the three layers of storage architecture—file system, volume manager, and data protection—into a scale-out NAS cluster.
- General cluster administration
- Access zones
- Authentication
  - Authentication overview
  - Authentication provider featuresYou can configure authentication providers for your environment.
  - Security Identifier (SID) history overview SID history preserves the membership and access rights of users and groups during an Active Directory domain migration.
  - Supported authentication providersYou can configure local and remote authentication providers to authenticate or deny user access to a cluster.
  - Active DirectoryActive Directory is a Microsoft implementation of Lightweight Directory Access Protocol (LDAP), Kerberos, and DNS technologies that can store information about network resources. Active Directory can serve many functions, but the primary reason for joining the cluster to an Active Directory domain is to perform user and group authentication.
  - LDAPThe Lightweight Directory Access Protocol (LDAP) is a networking protocol that enables you to define, query, and modify directory services and resources.
  - NISThe Network Information Service (NIS) provides authentication and identity uniformity across local area networks. OneFS includes an NIS authentication provider that enables you to integrate the cluster with your NIS infrastructure.
  - Kerberos authenticationKerberos is a network authentication provider that negotiates encryption tickets for securing a connection. OneFS supports Microsoft Kerberos and MIT Kerberos authentication providers on a cluster. If you configure an Active Directory provider, support for Microsoft Kerberos authentication is provided automatically. MIT Kerberos works independently of Active Directory.
  - File providerA file provider enables you to supply an authoritative third-party source of user and group information to a PowerScale cluster. A third-party source is useful in UNIX and Linux environments that synchronize /etc/passwd, /etc/group, and etc/netgroup files across multiple servers.
  - Local providerThe local provider provides authentication and lookup facilities for user accounts added by an administrator.
  - Multi-factor Authentication (MFA)Multi-factor authentication (MFA) is a method of computer access control in which you are only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism. Typically, authentication uses at least two of the following categories: Knowledge (something you know); possession (something you have), and inherence (something you are).
  - Multi-instance active directoryIf you are a zone-local administrator, you can create your own AD instance, even if the AD instance for the same domain is already created globally or in another access zone.
  - LDAP public keys
  - Managing Active Directory providersYou can view, configure, modify, and delete Active Directory providers. OneFS includes a Kerberos configuration file for Active Directory in addition to the global Kerberos configuration file, both of which you can configure through the command-line interface. You can discontinue authentication through an Active Directory provider by removing it from all access zones that are using it.
  - Managing LDAP providersYou can view, configure, modify, and delete LDAP providers. You can discontinue authentication through an LDAP provider by removing it from all access zones that are using it.
  - Managing NIS providersYou can view, configure, and modify NIS providers or delete providers that are no longer needed. You can discontinue authentication through an NIS provider by removing it from all access zones that are using it.
  - Managing MIT Kerberos authenticationYou can configure an MIT Kerberos provider for authentication without Active Directory. Configuring an MIT Kerberos provider involves creating an MIT Kerberos realm, creating a provider, and joining a predefined realm. Optionally, you can configure an MIT Kerberos domain for the provider. You can also update the encryption keys if there are any configuration changes to the Kerberos provider. You can include the provider in one or more access zones.
  - Managing file providersYou can configure one or more file providers, each with its own combination of replacement files, for each access zone. Password database files, which are also called user database files, must be in binary format.
  - Managing local users and groupsWhen you create an access zone, each zone includes a local provider that allows you to create and manage local users and groups. Although you can view the users and groups of any authentication provider, you can create, modify, and delete users and groups in the local provider only.
- Administrative roles and privileges
- Identity management
- Home directoriesWhen you create a local user, OneFS automatically creates a home directory for the user.
- Data access controlOneFS supports two types of permissions data on files and directories that control who has access: Windows-style access control lists (ACLs) and POSIX mode bits (UNIX permissions).
- File sharingYou can access files and directories using SMB for Windows file sharing, NFS for Unix file sharing, secure shell (SSH), FTP, and HTTP.
- File filteringFile filtering enables you to allow or deny file writes based on file type.
- Auditing
- Snapshots
- Deduplication with SmartDedupe
- Data replication with SyncIQ
- Data layout with FlexProtect
- NDMP backup
- File retention with SmartLock
- Protection domains
- Data-at-rest encryption
- S3 Support
- SmartQuotas
- Storage pools
- Pool-based tree reporting in FSAnalyze (FSA)
- Job management
- Networking
- Partitioned Performance Monitoring
- Antivirus
- File system explorer
OneFS Event Reference Guide

Home
OneFS Web Administration GuideThe OneFS Web Administration Guide describes how to activate licenses, configure network interfaces, manage the file system, provision block storage, run system jobs, protect data, back up the cluster, set up storage pools, establish quotas, secure access, migrate data, integrate with other applications, and monitor PowerScale clusters.
Authentication

Authentication