Eyeglass Cluster Storage Monitor

Eyeglass Cluster Storage Monitor

Product Name - i.e. Superna Eyeglass

Revision Changes to this Document December 2017

Table of Contents


Introduction to this Guide


As data grows, and clusters are deployed in remote locations the cost of administration and management of these complex systems is growing as well. Better tools are required to automate  display summary usage as well as produce  quick searches across multiple clusters for share and export usage. The Eyeglass Cluster Storage Monitor is a self serve user quota management system designed to simplify multi cluster management and reduce the associated administrative cost.  A new  Eyeglass platform product the  initial release of the Cluster Storage Monitor  is focused on storage consumption, storage tier usage, cluster health, and data migration. The Cluster Storage Monitor will reduce administration cost by:

  • Simplifying storage reporting

  • Providing health check at a glance,

  • Simplifying data migration to allow data and configurations to be  moved seamlessly between Access Zones or clusters

  • Removing manual steps from quota administration.

In addition the Cluster Storage Monitor feature  can be used for quota storage chargeback with reporting for all quotas, utilization, share and export overlap with quotas.

What's New

See what new features are coming with each new release here

Overview Video

Cluster Storage Monitor Overview

License Requirements:

  1. Existing cluster licenses for DR Configuration Replication, each cluster will be enabled .

  2. License key activates all licensed clusters, maintenance purchased separately.

  3. Trial key limits:

    1. Storage by share/export tab will only display shares or exports with a Name, or with a path that includes pattern of igls-quota-sharename or /ifs/data/somepath/igls-quota-export1.

    2. The Product license key is global and activates all clusters under management with valid cluster license and removes the share or export name limitation used only for lab testing or trial of the feature.

    3. Data-ReOrg feature will allow migration from any source zone to a target Access Zone with a name that begins with “EyeglassMigrationZoneTrial-xxxx” where xxxx can be any string.  In addition trial keys are issued with object count that allows a subset of the objects to be migrated.  A count of 10 objects will allow the selection of only 10 share, export, quota found on a path for migration. Any objects over this count will not migrate.  The objects migrated are previewed but can not be selected to be a specific 10 objects.  The full product version removes this restriction.


This guide is designed to help with Eyeglass Cluster Storage Monitor, should you have any issues that are not addressed in this guide, Superna offers support in several forms; on line, voicemail, Email, or live on line chat.

  1. The support site provides online ticket submission and case tracking.  Support Site link - support.superna.net 

  2. Leave a voicemail at 1 (855) 336-1580

In order to provide service you must have an account in our system. When calling in leave; customer name, email, description of question or issue, and primary contact for your company. We will  assign the case to primary contact for email followup.

  1. Email eyeglasssupport@superna.net

  2. To download license keys please go to the following  license keys.

  3. You can also raise a case right from in Eyeglass desktop using the help button, search for your issue and if want to raise a case or get a question answered, click the “leave us a message”  with your name, email and appliance ID and a case is opened directly from Eyeglass.


  1. Or get Support Using Chat M-F 9-5 EDT  (empty box?  we are not online yet)

  2. Eyeglass Live Chat 

  3. You should also review our support agreement here.

Storage and Cluster Monitoring Features and Usage

The following section shows how to use  the capacity and cluster hardware views.

How to See Cluster Storage Utilization Summary and Hardware Health

  1. Open Cluster Storage Usage icon.

  2. Cluster Storage tab displays summary of utilization.

  3. Cluster Storage Hardware tab displays clusters, OneFS version, nodes disk usage, Storage pools and utilization per item once expanded, along with cluster health status. Expand clusters to see nodes and health.

    1. Green - ok.

    2. Yellow - Needs Attention.

    3. Red - Fault or failure.

  4. Remaining columns show Total, used %, SSD Used, SSD Size , SSD available space.

Screen Shot 2016-08-25 at 8.57.55 PM.png

Screen Shot 2016-08-25 at 8.58.28 PM.png

How to Manage Storage by the Share or Export

Storage administrators and end users know the storage location based on export or share name not path.  This feature allows all shares, exports with quotas assigned to easily search and find shares or exports and display the latest utilization of the quota (any type of quota).

  1. Type the zone:share/export name to easily find shares and exports across any managed cluster.

Screen Shot 2016-08-25 at 8.32.15 PM.png

  1. A future release will create advisor quotas automatically when any shares or exports are created on the cluster eliminating manual quota creation steps.

  2. How to interpret the % shown per share or export.  This represents the % utilization this share represents of the “Used” storage on the cluster and includes dedupe applied to the quota path.

    1. Example if 1GB is used of cluster capacity and a share called “SMB-data” quota utilization is 500MB then the % contribution to consumption by this share is 50%.

Screen Shot 2016-06-13 at 8.41.06 PM.png

Automatic Share & Export Advisory Quota Mode

This completely automates management of storage by share or export by detecting any new share or export without an advisor quota and creating it automatically.  This ensures the quota reports are 100% up to date, tracks all shares and exports.  Requires no administration or process to enable quotas.

Use Cases

  1. This can also be useful with Storage Quota portal when not all shares have quotas applied.

  2. Defaults to disabled.

  3. Automatically removes quota of share or export is deleted, path changed.

How to Enable Auto Quota Mode

  1. Ssh as admin user to appliance or use web shell from main menu.

  2. igls adv  quotas help.

  3. igls adv quotas (see current values).

  4. igls adv quotas set --quotasync=true  (this enables the feature, false to disable).

  5. igls adv quotas set set --quotasyncdelete=enabled (defaults disabled, valid values are enabled/disabled/advanced).

    1. Disabled means no quotas will be deleted after share or export delete, they must be deleted manually.

    2. Enabled When a share is deleted, this mode deletes all quotas in that path unless another share exists in the same path NOTE: do not enable quota sync delete unless you are sure you can.  This mode will detect a share being deleted and delete all quotas at this path and below in the file system.

    3. (recommended mode) Advanced When a share is deleted, this mode deletes only Eyeglass created quotas in that path unless another share exists in the same path.

Data Migration - Data Re-Org Feature Usage

This feature is accessible from the jobs window and is not included in Enterprise license keys by default as of Release 1.8 or later.

Screen Shot 2016-08-26 at 7.49.58 AM.png

For administration guide on this feature please see the Access Zone Migration Admin Guide.

How to Deploy a Quota Chargeback Solution

The Cluster Storage Monitor addon can be used to build an AD integrated chargeback solution.  New report includes CSV for charge back capabilities and all limits and % usage included for easy sorting and reporting.

Sample Chargeback Report

Screen Shot 2017-03-24 at 6.32.16 PM.png

The first step is creating shares with AD group permissions that grant business unit owners at least read access to all storage they are responsible to manage.  This ensures that login to the quota portal will display all quotas, shares at the department level and below.  See the example below.

  1. Dept X has a share and several sub folders with directory quotas (no shares on these paths).

    1. Dept X Manager AD account has permissions to the Department X share and can also view each sub folder quota in the user portal.

    2. If additional shares exist below the top level share these will also display to the manager user account

  2. Dept Y user will be able to see quota usage on the share and child directory quotas but will NOT be able to see Dept X shares or directory quotas since no AD permissions grant access.

NOTE: Everyone full control shares can be hidden if required from all users

Example of 2 Tier Access and Reporting on Quota Usage

The example below shows 2 tier access within a department.

Quota and Data Recovery User Self Serve Portal

This feature allows administrators to publish a webpage on Eyeglass or use web widget to export the user quota self serve portal interface to any web server, example help desk web page for end users.


  1. Eyeglass appliance with all clusters added where quotas will be managed.

  2. The Isilon discovery license (per cluster or per node) must be added to allow all clusters to be managed by the quota or data recovery portal.

User Type Definitions

  1. Quota Manager - User type that can login and  request group share quota increases on behalf of other users.

  2. Data Recovery Manager - User type that can login and approve data recovery requests submitted by users or create recovery tasks on behalf of users.

  3. End user Quota- individual users that can login and request shares OR group shares of which they have permissions.

  4. End user Data Recovery -  individual users can login and request data recovery on shares or exports.   

  5. Quota Admin - User type that is allowed to approve quota requests.

How Quota and Data Recovery Portal Works

See below for workflow of quota request, approval and activation and the data recovery request approve, deny.

How Quota and Data Recovery Portal Discovers User Shares

It's important to understand how the portal works to design a solution that meets your business  requirements.

The following  details the work flow:

  1. Both Portals - Users login to the portal with an active directory user account and supply their password.  

    1. The password is used to validate the user is who they say they are and uses the managed device SmartConnect FQDN to map the user to an Access Zone authentication provider.

    2. The login password is encrypted end to end including while in RAM on the appliance.

    3. The login process uses CIFS (SMB) native login protocol , the same one used to authenticate to shares on the Isilon.

    4. Once the password is validated, the login session is torn down.

    5. RBAC role is checked to see if Data Recovery and Quota portal icons should be shown to the user.

  2. Quota Portal - Now the appliance uses the appliance cluster service account for elevated permissions to query the user account name, via Isilon API, to return Active Directory user SID and all group memberships and SID’s.

  3. Quota Portal  - This information is then used to find shares and group shares across all managed Isilon cluster(s) connected to the appliance.

This enables a corporate wide name space for disk space management regardless of the cluster the data is stored on.

NOTE: this requires the same AD domain auth provider used across all clusters.

NOTE: default mode does not display the well known SID everyone shares but this can be enabled if required.

NOTE: in Release 1.8 and later deny permissions on a share will remove the share from the users list of shares (by group membership or username)

  1. Quota Portal - The user portal now displays all detected shares for the logged in user along with the current quota type and usage.

NOTE:  Quotas below the share path will also be detected and listed for users to edit or make requests.   This ensures that even sub directories below a share can be managed by the user and provides visibility.

  1. Data Recovery Portal - The data recovery  portal now shows all shares (even without quotas).

  2. Quota Portal - The user can select a share and enter a requested modified quota and the % increase (or decrease ) is displayed to the user.

    1. Complete the inputs , comment and email address to be notified once the request is processed.

  3. Quota Portal - The request is now routed to the configured quota group list setup in the Notification Center for approvals.

  4. Quota Portal - The request can be approved or denied, in either case it will be logged and a status email sent to the user.

    1. If approved the Eyeglass appliance, marks the the quota as approved.

      1. Each configuration sync cycle finds all approved quotas and then applies them to the cluster and changes the status to “Fulfilled” in the users pending and history requests view.   The default interval to apply approved quotas is 5 minutes. The default interval can be changed with an IGLS CLI command. Consult the administration manual for details on changing scheduled tasks.

    2. If denied no action is taken other than sending a status an email to the user and logging.

    3. All requests are stored in a database that allows the user to see previous  requests once they are logged in.

    4. Users can review  pending requests that have not been processed by the administrator in the user portal.

  5. Quota Portal - Appliance Administrators with the Eyeglass appliance quota management permission can open the Quota Admin icon to review pending requests for approval or deny with comment.

    1. NOTE: RBAC user roles in Eyeglass allows separation of quota management from DR operations.  

  6. Data Recovery Portal -  Logged in user has all SmartConnect names for shares the to which the user has access (shares and group shares). This also includes everyone shares if enabled.

    1. User selects share or exports (visible under the SmartConnect name selected)

    2. User selects snapshot(s) to include in the recovery access email.

    3. User can see all snapshots regardless of the cluster (I.E. Prod and DR clusters that have snapshots). The DR copy itself is included in the list with date and time stamp.

    4. User submits request for access.

    5. Receives email of the pending request.

  7. Data Recovery Portal - Administrator with data recovery approval RBAC role can approve the pending requests.

    1. Pending approved requests send an email to the user with temporary share, secured to the user, and created by Eyeglass on all required clusters.

    2. The email includes UNC path, an ordered list of access to the data, and time period access will be allowed.

  8. Data Recovery Portal - Eyeglass deletes shares after time period expires.

How the Portal Can be Assessed

The quota or data recovery portal is accessible in 3 ways.

  1. Login to the Eyeglass appliance with a user that that has a Quota Role assigned.

Screen Shot 2017-01-22 at 4.19.26 PM.png

NOTE: It may not be desirable to expose the Eyeglass appliance to end users, due to IP routing or firewalls.  If this is the case we recommend the 2nd option below.

  1. The Eyeglass URL dedicated to quota end user logins allows Eyeglass to host the web widget directly on the appliance VM.

The default URL is: https://x.x.x.x/

  1. (not available yet) A web widget that leverages the Eyeglass API to allow corporate web or support page to display portal login and quota request portal.  The web widget HTML code is cut and pasted from the Eyeglass API menu, once an API token for the widget has been created.  You select the API token and the quota widget from the menu to display the HTML code needed for the external web server to display on a page.  See the Eyeglass Isilon Edition Admin Guide for details on how to use Web widgets.

Screen Shot 2016-09-10 at 11.26.07 AM.png

Best Practises:

  1. To reduce disk space  IT admin costs, use the Quota Manager user role to delegate quota management responsibility to a quota manager within each business unit.

  2. To reduce IT admin costs of managing data recovery, use the Data Recovery Manager user role to delete data recovery requests to business unit.

How to Configure Quota or Data Recovery Self Serve Portal

This section covers how to configure authentication roles and user login options.

Selective Access Zone Authentication Quota Management Support

This enables administrators to decide which Access Zone SmartConnect zone is used for end user authentication.   It also ensures debugging authentication is easier to manage with only specific FQDN SmartConnect zone names used in a specific order for user login.

The solution avoids users needing to know which cluster or name is used for authentication and uses a list of SmartConnect FQDN’s that Eyeglass will use when authenticating end users.  

Rules on FQDN Usage

  1. These FQDN’s should match the SmartConnect zone name exactly as configured on Isilon IP Pools.

  2. Add one per Access Zone that will have Quota portal services enabled.

How to Configure SmartConnect FQDN Authentication  List

In order to allow and enable specific Access Zones for quota management support, we recommend placing the SmartConnect FQDN name in the Eyeglass configuration using “igls adv commands” (shown below) to target authentication requests directly to the Access Zones SmartConnect names.

This will speed up the authentication process and target only Access Zones that require quota login services.

To add a SmartConnect FQDN for authentication to the configuration in Eyeglass:

  1.  For checking FQDN list:   igls admin auth

  2.  For adding a new FQDN: igls admin auth add --fqdn <name>

  3.  For changing a FQDN:     igls admin auth modify --fromfqdn <name> --tofqdn <newName>

  4.  For deleting a FQDN:       igls admin auth delete --fqdn <name>

  5.  For deleting all FQDN's:   igls admin auth delete --all true

NOTE: Eyeglass must be able to resolve the FQDN SmartConnect name entered into the igls commands. This  should be tested using NSLOOKUP before going into production.  Example:

  • Open Eyeglass Shell

  • Nslookup <fqdn from the list>  should return an ip address correctly

Authentication Process Configuration and Design Considerations

When users authenticate, they enter Active Directory Login using user@domain.com  or domain\username syntax and enter their normal AD password used to access shares.

  1. The authentication process follows this order of authentication:

    1. Using the proxy login UI option

Screen Shot 2016-10-06 at 1.59.08 PM.png

If the IP address field is left blank, then administrator configured FQDN list is used.  See below.  It's possible to override and enter an IP or FQDN for testing purposes.

    1. Eyeglass reads the SmartConnect FQDN list from the list that has been added with igls commands and sequentially sends user authentication to each SmartConnect FQDN entered (in the order it was entered in the file).

      1. If the login succeeds on the first FQDN SmartConnect entry, authentication process exits and moves on to detecting the user's user and group shares.

        1. The FQDN that was successfully authenticated is then matched to the Access Zone (using the Eyeglass database).

        2. User and group shares are now checked using the Access Zones, assigned authentication provider domain.

      2. If a login fails, then next FQDN SmartConnect name is used and so on.

      3. If no FQDN SmartConnect name entries exist Eyeglass will attempt to authenticate the user with the IP (SSIP or FQDN used to add the cluster to Eyeglass), using the same process as above until all attempts to authenticate have been completed.

      4. If none of the above succeeds, authentication will fail and user will see an error message.

  1. User Group Detection:

Now that the user has been authenticated the detection of groups proceeds as per below.

    1. In order to retrieve user and group membership from Active Directory Authentication provider, Eyeglass will now use REST API to the cluster SSIP or FQDN with the service account credentials used to add the cluster to Eyeglass..

      1. The Access Zone domain is looked up by the FQDN that authenticated the user account from the Auth list setup in Eyeglass.

      2. Eyeglass sends a user and group membership query to the Isilon and using the AD domain from the IP pool that matched the FQDN that successfully authenticated the user.

    2. This information is used to detect shares, group shares and quota’s to display to the user  IP used to filter the data recovery share list to the user.

Multi Access Zone Authentication Example

Self Serve End User Quota or Data Recovery Request Permissions

In order for end users to be granted permission to manage their own quotas, or group share quotas, or data recovery capabilities, they require an Eyeglass role for the End User to login.  This allows control of who can request a quota increase or make data recovery requests.  See below for steps to create this role.

How to Assigning Self Serve Eyeglass Quota or Data Recovery Role to End users

Users Accounts Supported

  1. AD Individual users (user@doman.xxx).

  2. Isilon Users.

  3. AD Groups (groupname@domain.xxx).

  4. Isilon Groups .

How to Create the RBAC Roles

  1. Create Active Directory group or use an existing group for granting this permission.

  2. Login to Eyeglass as admin user.

  3. Open User Roles Icon from the desk top.

  4. Create new role example Quota Users:

    1. Add AD Group name to the group section of the role.

    2. Or add to user section of the role definition.

  5. Select the User Storage permission to assign and click save. See below:

Screen Shot 2017-01-22 at 4.19.26 PM.png

  1. Role Use Case Best practices:

    1. If only group shares need to be managed and no end users require access, then individual AD users that are authorized to manage quotas for the group can be added to the role.  

    2. If Data recovery requests should be managed by a centralized business unit person or IT admin, then use per user permissions for this role.

    3. More than one user can be added.  

    4. Or use AD group for more efficient management of the permissions.

    5. Quota Manager users must have share access to the group shares they manage on behalf of the user community that access the group share or shares.   

    6. This enables the Quota Manager user to request disk space on behalf  of all users that access the group share.

    7. Data Recovery admin role also allows requesting access to data on behalf of users and can be used instead of giving  access to end users.

Global User Portal Access Role Configuration

Use this option when AD group does not exist and all users in a domain should have access to the portals to login.  This can be accomplished with the steps below.

  1. Login to Eyeglass as admin user.

  2. Open User Roles.

  3. Create new role with name “quota users all”.

  4. Click the “All Users” checkbox.

Screen Shot 2016-10-05 at 7.35.15 AM.png

  1. Save the role.

  2. Note:  This option will validate a user login ID and password only on login, and will proceed to detect shares and group shares without checking role membership.

  3. Any user that has a valid domain login and password can now login.

Global Option To Enable all Users in Active Directory Access to User Portals

Since shares secured to everyone full control or other permissions maybe shared with a lot of users, this option disables showing these shares to end users by enabling everyone shares flag to hide them from the user UI.

This option can be set in using “igls adv command” to allow all authenticated users to login without needing to create a role and assign users to a role.  

This means any user that can successfully login to an AD provider on a managed cluster in Eyeglass, will be allowed to login and have shares detected and displayed.

igls adv qsseveryoneshares set --everyonefullcontrolshares=<value>  true or false  

NOTE: change takes effect in the UI real-time, no need to restart any process.

End User or Quota Manager Portal Login and User Experience

The User portal solution is built into the  Eyeglass UI and RBAC roles.  A web widget will also be available to display on any corporate webpage. Example help desk web page.

  1. Login from the Eyeglass main login requires a managed device login (click banner at the bottom). Login screen changes to the below example.

Both user@<domain name> FQDN OR domain\user syntax is supported for login.

Screen Shot 2016-09-10 at 8.20.31 AM.png

  1. User Storage Icon for making requests:

Screen Shot 2016-09-10 at 7.28.53 PM.png

  1. Once Logged in the users can see:

    1. Shares and group shares usage with option to request additional capacity.

    2. Pending requests not yet approved or denied.

    3. History of all requests for the logged in use.

  2. Share list display:


  1. User Request Screen:


  1. Example usage screens:

Screen Shot 2016-09-10 at 8.19.48 AM.png

Screen Shot 2016-09-10 at 7.40.40 AM.png

  1. Color coding is used to represent % of quota limits:

    1. 0%  - 60%: green

    2. 60% - 90% : orange

    3. 90% - 100%: red

End User or Manager Data Recovery Portal Login and User Experience

The User portal solution is built into Eyeglass UI and RBAC roles.  A web widget will also be available to display on any corporate webpage. Example help desk web page.

  1. Login from the Eyeglass main login requires a managed device login (click banner at the bottom). Login screen changes to the below example.

Both user@<domain name> FQDN OR domain\user syntax is supported for login.

Screen Shot 2016-09-10 at 8.20.31 AM.png

  1. User Data Recovery Icon for making requests.

Screen Shot 2017-01-22 at 7.01.13 PM.png

  1. Once Logged in the users can see:

    1. SmartConnect names with shares and exports displayed as children.

    2. Pending requests not yet approved or denied.

    3. History of all requests for the logged in use.

  2. SmartConnect names by cluster :

Screen Shot 2017-01-22 at 7.02.27 PM.png

  1. User Request Screen:

Screen Shot 2017-01-22 at 7.03.29 PM.png

Quota or Data Recovery Administrator Portal Configuration

Quote Admin can be accessed from Eyeglass main login. This feature supports RBAC role to provide quota only administrator permissions within the Eyeglass desktop and block all DR related functions.

See Role Based Access Control Guide.

  1. Setup email notification in Notification center with an SMTP server, see quick install guide.

    1. Allows Eyeglass to send Quota request emails to administrators and responses to admins that have quota report checked off in notification center.

    2. Quota approval, deny summary emails for daily summary report to administrators defined with Quota admin report checked off.

    3. Enable Data Recovery reports and assign email to receive data recovery request summary reports.

  2. Administrators (admin) or user account with quota management role in Eyeglass can access the Quota Admin icon to view and approve quota requests for clusters added to Eyeglass.


Administrators can view requests by cluster, and approve or deny with comment, the user will be notified based on the email they submitted.

  1. Administrators (admin) or user account with Data Recovery management role in Eyeglass can access the Data Recovery Management icon to view and approve data recovery requests for clusters added to Eyeglass.

NOTE: End Users that login retain a record in the requests database, if a user logs in again they can review previous requests and status.

Quota Admin - How to View Approve and Manage Pending Requests

  1. Login and open Quota Request Management icon.

  2. Open Pending Requests folder to review the previous quota and the requested changes to it.

Screen Shot 2016-09-13 at 7.19.23 AM.png

  1. The options are Approve, Deny or Edit the request to change it before approval.

  2. Once approved or denied, it will move to Request History folder and email the user about the status of the request.

Screen Shot 2016-09-20 at 8.49.54 PM.png

  1. Once in Approved status, Eyeglass will pick up the approved quotas (all of them in the queue)  next configuration job run and will change apply the quota and change status to “Fulfilled” status.  See image below.

Screen Shot 2016-09-20 at 10.07.04 PM.png

It will also now show in request history for the user once they login to the user portal again and show them approved and Fulfilled.

  1. End or process

Quota Admin - How to View Request History

  1. Login and open quota request Management icon

  2. Open Requests History folder to review the previous quota requests and changes applied.

Screen Shot 2016-09-13 at 7.19.53 AM.png

  1. It is possible to delete a history record from the database before it's processed by Eyeglass using the delete button.  This needs to be done within 5 minutes before the next configuration sync cycle.

Cluster Bulk Quota Management Features

Managing quotas in environments with thousands or tens of thousands can create a huge administrative effort to track and manage.  This feature along with self serve portal is aimed at reducing this effort and cost.   The Advanced Search  feature allows searching using various criteria across one or more clusters

Quota Advanced Search

  1. Login to Eyeglass with a user in the Manage Quotas role.

  2. Open the Quota Management Requests icon.

  3. Click Advanced Search and combine fields to find quotas to produce a search result.

Screen Shot 2016-11-21 at 6.49.57 PM.png

  1. Review the quota details, edit or make a request on behalf of the user.

Bulk Quota Changes

  1. Login to Eyeglass with a user in the Manage Quotas role.

  2. Open the Quota Management Requests icon.

  3. Click Advanced Search and combine fields to find quotas to produce a search result.

  4. Now click Modify Quotas button. This will allow changes based on the search results.

    1. Example a search for shares with dfs contained in the name:

Screen Shot 2016-11-21 at 6.59.21 PM.png

    1. Make the changes as % up or down.

    2. Select update and a quota update job will be submitted for the next configuration replication cycle to apply the changes.

    3. This is a very powerful feature that works across clusters. Note: no undo exists.

    4. Consult the running jobs window to verify successful quota updates.

Auto Approve Quota Requests

Managing quota requests can also be a time consuming task for storage administrators. Eyeglass can now eliminate simple requests under a threshold,  always or for a period of time.  In addition Eyeglass  allows the ability to bulk approve all unapproved requests with a single button.

How to Configure Auto Approve Quota Request Mode

  1. Login to Eyeglass with a user in the Manage quotas role.

  2. Open the Quota Management Requests icon.

  3. Click the auto approve tab and check the Enable Auto Approve box.

  4. Configure the %  Maximum Auto Approve threshold if equal or below.

  5. Click approve pending requests to approve all outstanding,

  6. Complete the Auto Approve period by selecting the from and to dates for auto approve to disable after a period of time.  

    1. Leave First Date blank for start now

    2. Leave Last Date blank to enable always.

Screen Shot 2016-11-21 at 7.04.16 PM.png

NOTE:  Any auto approved requests will be sent in daily activity report and daily quota usage reports.

Combined with share/export auto quota mode, all storage quota administration can be eliminated!

Cluster Storage Reports

This feature sends automated reports via email.

The reports can be used for chargeback and each report provides different data.  The reports present cluster, node, share/export and oversubscription usage data.

Cluster Storage Report Includes

  1. Cluster Usage image.

  2. Cluster Hardware health image.

  3. CSV of Cluster Usage and oversubscription report.

    1. This includes a sum of all hard, soft and advisor quotas and % of available disk space.  This assists with oversubscription ratio planning of quota to available disk space.

Screen Shot 2017-09-14 at 7.25.18 AM.png

  1. CSV of Hardware health (cluster and per node level reporting).

  2. Share and export usage report :

    1. Requires quota applied to the share or export directory path to be added to this report.

    2. This report shows data share usage reporting by matching quota to shares and exports.

    3. Release 1.8.3 and later - all quota CSV usage, type , path and hard, soft limits and % used.

  3. Release 2.0 and later releases adds a column to indicate quota’s use of protection overhead and snapshot over head with yes indicating the quota usage value includes one or both overheads.

    1. It is possible to create the same quota on the same path and select different Overhead tracking options.

Screen Shot 2017-09-13 at 9.32.02 PM.png



How to Run Cluster Storage Report On Demand

  1. Open Reports on Demand.

rpo on demand.png

  1. Select CSM report option to run.

  2. Report is emailed to emails configured in notification center to receive reports.

Screen Shot 2017-03-24 at 6.35.46 PM.png

How to Change Cluster Storage Report Schedule

  1. Using igls command below, default is daily report:

    1. "interval": "0 0 * * *",

    2.        "enabled": true,

    3.        "id": "StorageMonitorReport",

    4.        "label": "Storage Monitor Report"

  2. Show current schedules igls admin sched.

  3. Set  new schedule see Eyeglass Administration Guide .

How to Configure Quota Admin email to Receive Quota Reports and Quota Requests

To separate DR reports from storage management reports use the option to add recipient based on all or only Storage cluster monitor reports and requests.

  1. Open Notification center main menu.

  2. Add an email and select quota reports in the drop down list to add and only receive quota reports.

Screen Shot 2016-11-21 at 6.53.17 PM.png

Sample Quota Request to Quota Administrator

Subject: Eyeglass - Quota Modification Request has been CREATED

To: xxxx@superna.net

Quota modification request is CREATED









Requested limits   

Previous limits

  Hard: 50 MB   

  Hard: 40 MB

  Soft: -   

  Soft: -

  Advisory: -   

  Advisory: -

Requested by


Request Message

  CSM email notification test

Cluster Quota Report Includes:

  1. Quota requests are summarized in this report and batches requests into a single email sent on a schedule.

Screen Shot 2016-09-28 at 11.08.18 AM.png

How to Change Cluster Storage Report Schedule

  1. Using igls command below (default is daily report):

    1. "interval": "0 0 * * *",

    2.        "enabled": true,

    3.        "id": "QuotaRequestsReport",

    4.        "label": "Quota Requests Report"

  2. Show current schedules igls admin sched.

  3. Set  new schedule see Eyeglass Administration Guide .

Data Recovery Portal


This feature extends storage cluster monitor to allow end users to see all copies of a share or exports data stored in snapshots, not only on the source writeable cluster but also DR copies and DR copy snapshots.   Users are granted temporary share and UNC path ordered by most recent copies at the top of the list to retrieve files from snapshots no matter where they exist.  

The share will self destruct (gets deleted by Eyeglass) after a time period and temporary share is secured only to the user that made the request, using the UPN (use@ domain).  Once approved by the data recovery admin, an email with access is sent to the user.  The access is read-only.

This feature has the same workflow as Quota portal.

  1. Users are granted the role of User Data Recovery in the uses icon.

  2. Users login to see a list of shares or exports across all clusters.

  3. Shares and exports are displayed by SmartConnect name, since most users know how to access data using the SmartConnect name or names configured.

  4. Select the SmartConnect name and expand it.

    1. Select the share or export to display all available snapshots with date and time.

    2. Select all that should be sent in access email.

    3. Select request access:

      1. Request text or reason.

      2. Email address and submit.

    4. User requests now become pending.

  5. Users can select history of requests.

  6. Administrators can login and approve or deny requests.

    1. Approval triggers an email and temporary share creation process.

Overview Video

Data Recovery Manager Video Demo

How to Configure SmartConnect Zone or Default SmartConnect Zone Used for Temporary Recovery Shares

  1. The Settings tab on Data Recovery Manager will allow adding and FQDN that will be used to create recovery shares, and will be the UNC that is sent to the user email.

    1. If FQDN setting is not present, The first matching System zone pool will be used to select a UNC for the mount name.

    2. If the FQDN setting is set Eyeglass will scan the pools on the clusters under management, and if the FQDN matches a non-system zone pool, the recovery shares will be created and use that Access Zone when creating recovery shares.

  2. Note: If active recovery shares exist, changing this FQDN for UNC path will be blocked.

How to Use Data Recovery Manager - As admin Role

  1. Login as admin user to see the icon or follow How to Create the RBAC Roles  in portal configuration in this guide to setup an RBAC role .

  2. Expand cluster and SmartConnect names to see which shares and exports are detected.

Screen Shot 2017-01-22 at 7.15.08 PM.png

  1. Select a share or export to see all copies of the data (snapshot, DR copy, DR snapshot copy).

    1. Note advanced search button to find shares or exports by name, path cluster etc… to find data faster.

    2. Select one or more copies of data to gain access to click the Request Access button.

Screen Shot 2017-01-26 at 12.52.44 PM.png

      1. Enter UPN user@<domain FQDN> (this stores the record for this user in the database).

      2. Enter User email address to send request updates.

      3. Comment on why access is required or note to user from the administrator.

How to Review and Approve Data Recovery Requests

  1. Login open Data Recovery Management Icon.

  2. Click Pending Requests.

  3. Review a pending request and click approve or deny.

Screen Shot 2017-01-22 at 7.22.22 PM.png

  1. Once approved the request moves to the Request History tab where it will stay.

  2. The approval will generate a share named as follows on the snapshot path:

igls-<original share name>-<UPN>-<number to increment and make sure unique) of the user.

Screen Shot 2017-01-26 at 12.58.05 PM.png

  1. The user receives an email with UNC path that can be used to access the data.

  2. The share is secured as read-only to the user account (see above).

  3. Share will be deleted after expiry time, see below how to configure.

How to Review History for Data Recovery Requests

  1. Login open Data Recovery Management Icon.

  2. Click Request History.

Screen Shot 2017-01-26 at 1.00.17 PM.png

  1. Review requests by user.

  2. The Clock icon can be used to delete the shares before the auto expiry time of the shares.

How to Configure  Data Recovery Share Expiry and Auto Approval Mode

  1. Login open Data Recovery Management Icon.

  2. Click Auto Approve tab.

  3. Click Enable Auto Approve in the Enable/Disable Auto Approve section.

  4. In the Auto Approve section select First Day and Last Day.


If First day is left blank, start now is implied.

If Last Day is left blank forever will be implied.

  1. In the Share expiry period section select auto delete in days from approved requests. Default is 2 days before access to recovery data is removed.

NOTE:  Selecting 0 Days before expiry the recovery share will not be deleted by Eyeglass.

Screen Shot 2017-01-22 at 7.25.32 PM.png

How End Users Access Data Recovery Shares

  1. Users login to portal and supply ad domain login using proxy login.

Screen Shot 2017-01-26 at 1.09.01 PM.png

  1. Open Data Recovery Icon.

  2. Browsed SmartConnect names to find UNC path used to access data that needs to be recovered.

  3. Select share example SMB2 share access normally through prod.ad1.test SmartConnect name.

    1. Review list of data snapshots (snapshot or DR copy of data).

Screen Shot 2017-01-26 at 1.10.03 PM.png

    1. Click Request access and submit email and reason for access.

    2. Once the access is approved an approval email with new unc path and custom share name is emailed for each copy of data requested.

      1. See below of sample email example.

      2. Users can now mount the \\unc path example \\SIQ-Prod.ad1.test\igls-SMB2-dfs1@AD1.TEST-1

Screen Shot 2017-01-26 at 12.59.20 PM.png

Sample End User Data Recovery Email

(Sent to end user after request)

Eyeglass Data Recovery Management - PENDING

demo@superna.net <demo@superna.net>

Sun, Jan 22, 2017 at 3:44 PM

To: xxxx@superna.net

The Data Recovery Request is PENDING



Share Name






Snapshot Name


Requested by


Request Message

  files please



Sample End User Data Recovery Approved Email

Eyeglass Data Recovery Management - APPROVED

2 messages

demo@superna.net <demo@superna.net>

Thu, Jan 26, 2017 at 12:54 PM

To: xxxx@superna.net

The Data Recovery Request is APPROVED

The Recovery share has been created here: \\SIQ-Prod.ad1.test\igls-SMB2-dfs1@AD1.TEST-2

Please allow a few minutes for the settings to take effect



Share Name






Snapshot Name


Requested by


Request Message

files please