Eyeglass Cluster Storage Monitor

Eyeglass Cluster Storage Monitor





Overview


Eyeglass Cluster Storage Monitor is a new product with the Eyeglass platform to simplify multi cluster management with the initial release focusing on storage consumption, and storage tier usage, cluster health, data migration and self serve user quota management system.

As data grows, and clusters are deployed in remote locations, better tools to automate the display summary usage and quick search across multiple clusters for share and export usage.    

Key requirements to reduce the administration cost by simplifying storage reporting and health check at a glance, data migration to allow data and configuration to be seamless moved between access zones or clusters and the ability to remove manual steps from quota administration.

This solution can be used for quota storage chargeback with reporting for all quotas, utilization, share and export overlap with quotas.

What's New


See What new features are coming with each new release here

Overview Video


Cluster Storage Monitor Overview

License Requirements:


  1. Existing cluster licenses for DR Configuration Replication, each cluster will be enabled

  2. License key activates all licensed clusters, maintenance purchased separately

  3. Trial key limits

    1. Storage by share/export tab will only display shares or exports with Name OR with a path that includes pattern of igls-quota-sharename or /ifs/data/somepath/igls-quota-export1

    2. The Product license key is global and activates all clusters under management with valid cluster license and removes share or export name limitation used only for lab testing or trial of the feature

    3. Data-ReOrg feature will allow migration from any source zone to a target access zone with a name that begins with “EyeglassMigrationZoneTrial-xxxx” where xxxx can be any string.  In addition trial keys are issued with object count that allows a subset of the objects to be migrated.  A count of 10 objects will allow selection of only 10 share,export,quota found on a path for migration and any objects over this count will not migrate.  The objects migrated are previewed but can not be selected to be a specific 10 objects.  The full product version removes this restriction.



Storage and Cluster Monitoring Features and Usage


The following section shows how to use  the capacity and cluster hardware views.



How to See Cluster Storage Utilization Summary and Hardware Health


  1. Open Cluster Storage Usage icon

  2. Cluster Storage tab displays summary of utilization

  3. Cluster Storage Hardware tab displays clusters, OneFS version, nodes disk usage, Storage pools and utilization per item once expanded, along with cluster health status. Expand clusters to see nodes and health.

    1. Green - ok

    2. Yellow - Needs Attention

    3. Red - Fault or failure

  4. Remaining columns show Total, used %, SSD used, SSD Size , SSD available space

  5. Screen Shot 2016-08-25 at 8.57.55 PM.png

  6. Screen Shot 2016-08-25 at 8.58.28 PM.png



How to Manage storage by the share or export


Storage administrators and end users know the storage location based on export or share name not path.  This feature allows all shares, exports with quotas assigned to easily search and find share or exports and display the latest utilization of the quota (any type of quota).

  1. Type the zone:share/export name to easily find shares and exports across any managed cluster

    1. Screen Shot 2016-08-25 at 8.32.15 PM.png

  2. Future release will create advisor quotas automatically when any shares or exports are created on the cluster eliminating manual quota creation steps.

  3. How to interpret the % shown per share or export.  This represents the % utilization this share represents of the “Used” storage on the cluster and includes dedupe applied to the quota path.

    1. Example if 1GB is used of cluster capacity and a share called SMB-data quota utilization is 500MB then the % contribution to consumption by this share is 50%

Screen Shot 2016-06-13 at 8.41.06 PM.png

Automatic Share & Export Advisory Quota mode


This completely automates management of storage by share or export by detecting any new share or export without an advisor quota and creating it automatically.  This ensures the quota reports are 100% update date, tracks all shares and exports.  Requires no administration or process to enable quotas.

Use Cases

  1. This can also be useful with Storage Quota portal when not all shares have quotas applied.

  2. Defaults to disabled

  3. Automatically removes quota of share or export is deleted, path changed

How to enable auto quota mode

  1. Ssh as admin user to appliance or use web shell from main menu

  2. igls adv  quotas help

  3. igls adv quotas (see current values)

  4. igls adv quotas set --quotasync=true  (this enables the feature, false to disable)

    1. igls adv quotas set set --quotasyncdelete=enabled (defaults disabled, valid values are enabled/disabled/advanced)

    2. Disabled means no quotas will be deleted after share or export delete, they must be deleted manually

    3. Enabled When a share is deleted, this mode deletes all quotas in that path unless another share exists in the same path NOTE: do not enable quota sync delete unless you are sure you can.  This mode will detect a share being deleted and delete all quotas at this path and below in the file system.

    4. (recommended mode) Advanced When a share is deleted, this mode deletes only eyeglass created quotas in that path unless another share exists in the same path.


Data Migration - Data Re-Org Feature Usage


This feature is accessible from the jobs window and is not included in Enterprise license keys by default as of 1.8 or later releases.

Screen Shot 2016-08-26 at 7.49.58 AM.png


For administration guide on this feature please see the Access Zone Migration Admin Guide.


How Deploy a Quota Chargeback Solution


The Cluster storage Monitor addon can be used to build an AD integrated chargeback solution.  New report includes CSV for charge back capabilities and all limits and % usage included for easy sorting and reporting.

Sample Charge back Report

Screen Shot 2017-03-24 at 6.32.16 PM.png



The first step is creating shares with AD group permissions that grant business unit owners at least read access to all storage they are responsible to manage.  This ensures that login to the quota portal will display all quotas, shares at the department level and below.  See the example below.

  1. Dept X has a share and several sub folders with directory quotas (no shares on these paths)

    1. Dept X Manager AD account has permissions to the Department X share and can also view each sub folder quota in the user portal.

    2. If additional shares exist below the top level share these will also display to the manager user account

  2. Dept Y user will be able to see quota usage on the share and child directory quotas but will NOT be able to see Dept X shares or directory quotas since no AD permissions grant access.

  3. NOTE: Everyone full control shares can be hidden if required from all users





Example of 2 Tier access and reporting on quota usage


The example below shows 2 tier access within a department.


Quota and Data Recovery User Self Serve Portal


This feature allows administrators to publish a webpage on Eyeglass or use web widget to export the and user quota self serve portal interface to any web server, example help desk web page for end users.


Prerequisites:


  1. Eyeglass appliance with all clusters added where quotas will be managed

  2. The Isilon discovery license (per cluster or per node) must be added to allow all clusters to be managed by the quota or data recovery portal

User Type Definitions


  1. Quota Manager - User type that can login and  request group share quota increases on behalf of other users

  2. Data Recovery Manager - User type that can login and approve data recovery requests submitted by users or create recovery tasks on behalf of users.

  3. End user Quota- individual users that can login and request shares OR group shares of which they have permissions.

  4. End user Data Recovery -  individual users can login and request data recovery on shares or exports   

  5. Quota Admin - User type that is allowed to approve quota requests

How Quota and Data Recovery Portal Works


See below for workflow of quota request, approval and activation and the data recovery request approve, deny.



How Quota and Data Recovery Portal Discovers User Shares


It's important to understand how the portal works to design a solution that meets your business  requirements.

The details work flow:

  1. Both Portals - Users login to the portal with an active directory user account and supply their password.  

    1. The password is used to validate the use is who they say they are and uses the managed device smartconnect fqdn to map the user to an access zone authentication provider

    2. The login password is encrypted end to end including while in ram on the appliance.

    3. The login process uses cifs (SMB) native login protocol , the same one used to authenticate to shares on the Isilon.

    4. Once the password is validated, the login session is torn down.

    5. RBAC role is checked to see if Data Recovery and Quota portal icons should be shown to the user

  2. Quota portal Now the appliance uses elevated permissions using appliance cluster service account, to query the user account name via Isilon API to return Active Directory user Sid and all group memberships and Sid’s.

  3. Quota portal  This information is then used to find shares and group shares across all managed Isilon cluster(s) connected to the appliance.

    1. This enables a corporate wide name space for disk space management regardless of the cluster the data is stored on. NOTE: this requires the same AD domain auth provider used across all clusters.

    2. NOTE: default mode does not display the well known sid everyone shares but this can be enabled if required.

    3. NOTE: in 1.8 and later deny permissions on a share will remove the share from the users list of shares (by group membership or username)

  4. Quota portal The user portal now displays all detected shares for the logged in user along with the current quota type and usage.

    1. NOTE:  Quotas below the share path will also be detected and listed for users to edit or make requests.   This ensures that even sub directories below a share can be managed by the user and provides visibility

  5. Data Recovery portal The data recovery  portal now shows all shares (even without quotas).

  6. Quota portal The user can select a share and enter requested modified quota and the % increase (or decrease ) is displayed to the user.

    1. Complete the inputs , comment and email address to be notified once the request is processed.

  7. Quota portal The request is now routed to the configured quota group list setup in the Notification Center for approvals

  8. Quota portal The request can be approved or denied and in either case it will be logged and email sent to the user of the status.

    1. If approved the eyeglass appliance, marks the the quota as approved.

      1. Each configuration sync cycle finds all approved quota’s and then applies them to the cluster and changes the status to “Fulfilled” status in the users pending and history requests view.   Default interval to apply approved quotas is 5 minutes. This can be changed with an IGLS CLI command. Consult the administration manual for details on changing scheduled tasks.

    2. If denied no action other than an email and logging

    3. All requests are stored in a database that allows the user to see previous  requests once they are logged in.

    4. Users can review  pending requests that have not been processed by the administrator in the user portal.

  9. Quota portal Appliance Administrators with the eyeglass appliance quota management permission can open the quota admin icon to review pending requests for approval or deny with comment.

    1. NOTE: RBAC user roles in eyeglass allows separation of quota management from DR operations.  

  10. Data Recovery portal -  Logged in user has all smartconnect names for shares the user has access too (includes everyone shares if enabled) (shares and group shares).

    1. User selects share or exports (visible under the smartconnect name selected)

    2. User selects snapshot(s) to include in the recovery access email.

    3. User can see all snapshots regardless of the cluster, example Prod and DR clusters that have snapshots, include the DR copy itself are included in the list with date and time stamp.

    4. User submits request for access

    5. Receives email of the pending request

  11. Data Recovery portal - Administrator with data recovery approval RBAC role can approve the pending requests

    1. Pending approved requests have email sent to the user with temporary share, secured to the user, and created by Eyeglass on all required clusters

    2. The email includes UNC path and ordered list of access to the data and time period access will be allowed

  12. Data Recovery portal  Eyeglass deletes shares after time period expires


Best Practises:

  1. Use quota management user role to delegate quota management to quota manager role within each business unit to reduce IT admin costs of disk space.

  2. Use data recovery management user role to delete data recovery requests to business unit to reduce IT admin costs of managing data recovery

How the Portal can be assessed

The quota or data recovery portal is accessible in 3 ways.

  1. Login to eyeglass appliance with a user that that has a quota Role assigned

    1. Screen Shot 2017-01-22 at 4.19.26 PM.png

    2. This may not be desirable to expose the Eyeglass appliance to end users due to IP routing or firewalls.  If this is the case we recommend the 2nd option below.

  2. Eyeglass URL dedicated to quota end user logins, this url is described below and allows Eyeglass to host the web widget directly on the appliance VM

    1. The default url is https://x.x.x.x/

  3. (not available yet) A web widget that leverages the Eyeglass API to allow corporate web or support page to display portal login and quota request portal.  The web widget html code is cut and pasted from the Eyeglass API menu, once an API token for the widget has been created.  You select the API token and the quota widget from the menu to display the HTML code needed for the external web server to display on a page.  See the Admin guide for details on how to use Web widgets

    1. Screen Shot 2016-09-10 at 11.26.07 AM.png



How to Configure Quota or Data Recovery Self Serve Portal


This section covers how to configure authentication, roles and user login options.

Selective Access Zone Authentication Quota Management Support


This enables administrators to decide which access zone smartconnect zone is used for end user authentication.   It also ensures debugging authentication is easier to manage with only specific FQDN smartconnect zone names used in a specific order for user login.

The solution avoids users needing to know which cluster or name is used for authentication and uses a list of smartconnect FQDN’s that Eyeglass will use when authenticating end users.  

Rules on FQDN Usage

  1. These FQDN’s should match the smartconnect zone name exactly as configured on Isilon IP Pools

  2. Add one per Access Zone that will have Quota portal services enabled

How to configure Smartconnect FQDN Authentication  List

  1. In order to allow enable specific access zones for quota management support, we recommend placing the smartconnect FQDN name in the Eyeglass configuration using igls adv commands to target authentication requests directly to the access zones smartconnect names.

    1. This will speed up the authentication process and target only access zones that require quota login services

    2. To add a smartconnect FQDN for authentication to the configuration in Eyeglass

      1.  For checking fqdn list:   igls admin auth

      2.  For adding a new fqdn: igls admin auth add --fqdn <name>

      3.  For changing a fqdn:     igls admin auth modify --fromfqdn <name> --tofqdn <newName>

      4.  For deleting a fqdn:       igls admin auth delete --fqdn <name>

      5.  For deleting all fqdn's:   igls admin auth delete --all true

  2. NOTE: Eyeglass must be able to resolve the FQDN smartconnect name entered into the igls commands and should be tested with NSLOOKUP before going into production with quota portal along with authentication tested.

    1. Example Open Eyeglass Shell

    2. Nslookup <fqdn from the list>  should return an ip address correctly


Authentication Process Configuration and Design Considerations


  1. When users authenticate, they enter Active Directory Login using user@domain.com  or domain\username syntax and enter their normal AD password used to access shares.

  2. The authentication process follows this order of authentication:

    1. Using the proxy login UI option

      1. Screen Shot 2016-10-06 at 1.59.08 PM.png

      2. If the ip address field is left blank, then administrator configured FQDN list is used.  See below.  It's possible to override and enter an ip or FQDN for testing purposes.

    2. Reads smartconnect FQDN list from the list added with igls commands and sequentially sends user authentication to each smartconnect FQDN entered (in the order it was entered in the file).

      1. If the login succeeds on the first FQDN smartconnect entry, authentication process exits and moves on to detecting the user's user and group shares

        1. The FQDN that was successfully authenticated is then matched to the Access Zone (using the eyeglass database).

        2. User and group shares are now checked using the access zones, assigned authentication provider domain.

      2. If login fails, then next FQDN smartconnect name is used and so on.

      3. If no FQDN smartconnect name entries exist Eyeglass will attempt to authenticate the user with the IP (SSIP or FQDN used to add the cluster to Eyeglass), using the same process as above until all attempts to authenticate have been completed.

      4. If none of the above succeeds, authentication will fail and user will see an error message.

  3. User Group Detection:

    1. Now that the user has been validated the detection of groups proceeds as per below.

    2. Once authentication has been validated using netbios SMB login protocol to the smartconnect zone, Eyeglass will now use REST API to the cluster SSIP or FQDN using service account credentials used to add the cluster to Eyeglass, to retrieve user and group membership from Active Directory Authentication provider.

      1. The access zone domain is looked up by the FQDN that authenticated the user account from the Auth list setup in Eyeglass.

      2. Eyeglass sends user and group membership query to the isilon and uses the AD domain from the IP pool that matched the FQDN that successfully authenticated the user.

    3. This information is used to detect shares, group shares and quota’s to display to the user.  OP used to filter the data recovery share list to the user.



Multi Access Zone Authentication Example




Self Serve End User Quota or Data Recovery Request Permissions


In order for end users to be granted permission to manage their own quotas or group share quotas or data recovery capabilities.  They require an Eyeglass role for End user to login.  This allows control of who can request quota increase or make data recovery requests.  See below for steps to create this role.

How to Assigning Self Serve Eyeglass Quota or Data Recovery Role to End users


Users accounts Supported

  1. AD Individual users (user@doman.xxx)

  2. Isilon Users

  3. AD Groups (groupname@domain.xxx)

  4. Isilon Groups  


How To create the RBAC Roles

  1. Create Active Directory group or use an existing group for granting this permission

  2. Login to Eyeglass as admin user

  3. Open User Roles Icon from the desk top

  4. Create new role example Quota Users

    1. add AD Group name to the group section of the role

    2. Or add to user section of the role definition.

  5. Select the User Storage permission to assign and click save. See below

    1. Screen Shot 2017-01-22 at 4.19.26 PM.png

  6. Role Use Case Best practices:

    1. If only group shares need to be managed and no end users require access, then individual AD users that are authorized to manage quotas for the group can be added to the role.  

    2. If Data recovery requests should be managed by a centralized business unit person or IT admin then use per user permissions for this role.

    3. More than one user can be added.  

    4. Or use AD group for more efficient management of the permissions.

    5. These Quota Manager users must have share access to the group shares they manage on behalf of the user community that access this group share.   

    6. This enables the quota manager user to request disk space on behalf  of all users that access the group share.

    7. Data Recovery admin role also allows requesting access to data on behalf of users and can be used and not give access to end users.

Global User Portal Access Role Configuration


Use this option when AD group does not exist and all users in a domain should have access to the portals to login.  This can be accomplished with the steps below.


  1. Login to Eyeglass as admin user

  2. Open User Roles

  3. Create new role with name “quota users all”

  4. Click the “All Users” checkbox.

    1. Screen Shot 2016-10-05 at 7.35.15 AM.png

  5. Save the role.

  6. Note:  This option will validate a user login ID and password only on login and will proceed to detect shares and group shares without checking role membership.

  7. Any user that has a valid domain login and password can now login.

Global Option To Enable all users in Active Directory Access to User Portals


Since Shares secured to everyone full control or other permission maybe shared with a lot of users, this option disables showing these shares to end users by enabling everyone shares flag to hide them from the user UI.

  1. This option can be set in using igls adv command to allow all authenticated users to login without need to create a role and assign users to a role.  

    1. This means any user that can successfully login to an AD provider on a Managed cluster in eyeglass will be allowed to login and have shares detected and displayed.

    2. igls adv qsseveryoneshares set --everyonefullcontrolshares=<value>  true or false  (NOTE: change takes effect in the UI real-time, no need to restart any process)


End User or Quota Manager Portal Login and User Experience

  1. The User portal solution is built into Eyeglass UI and RBAC roles.  A web widget will also be available to display on any corporate webpage. Example help desk web page.

    1. How to login from eyeglass main login requires managed device login (click banner at the bottom). Login screen changes to the below example.

      1. Both user@<domain name> FQDN OR domain\user syntax is supported for login

    2. Screen Shot 2016-09-10 at 8.20.31 AM.png

    3. Screen Shot 2016-09-10 at 7.28.53 PM.png User Storage Icon for making requests

    4. Once Logged in the users can see:

      1. shares and group shares usage with option to request additional capacity

      2. Pending requests not yet approved or denied

      3. History of all requests for the logged in use

    5. Share list display

      1. quota2.png

    6. User Request Screen

      1. quota1.png

    7. Example usage screens

      1. Screen Shot 2016-09-10 at 8.19.48 AM.png

      2. Screen Shot 2016-09-10 at 7.40.40 AM.png

      3. Color coding is used to represent % of quota limits

        1. 0%  - 60%: green

        2. 60% - 90% : orange

        3. 90% - 100%: red




End User or Manager Data Recovery Portal Login and User Experience


  1. The User portal solution is built into Eyeglass UI and RBAC roles.  A web widget will also be available to display on any corporate webpage. Example help desk web page.

    1. How to login from eyeglass main login requires managed device login (click banner at the bottom). Login screen changes to the below example.

      1. Both user@<domain name> FQDN OR domain\user syntax is supported for login

    2. Screen Shot 2016-09-10 at 8.20.31 AM.png

    3. Screen Shot 2017-01-22 at 7.01.13 PM.png

    4. User Data Recovery Icon for making requests

    5. Once Logged in the users can see:

      1. Smartconnect names with shares and exports displayed as children

      2. Pending requests not yet approved or denied

      3. History of all requests for the logged in use

    6. Smartconnect names by cluster

      1. Screen Shot 2017-01-22 at 7.02.27 PM.png

    7. User Request Screen

      1. Screen Shot 2017-01-22 at 7.03.29 PM.png





Quota or Data Recovery Administrator Portal Configuration


Can be accessed from eyeglass main login,  supports RBAC role to provide quota only administrator permissions within the Eyeglass desktop and block all DR related functions.

See RBAC guide.

  1. Setup email notification in Notification center with an SMTP server, see quick install guide.

    1. Allows Eyeglass to send Quota request emails to administrators and responses to admins that have quota report checked off in notification center

    2. Quota approval, deny summary emails for daily summary report to administrators defined with Quota admin report checked off

    3. Enable Data Recovery reports and assign email to receive data recovery request summary reports

  2. Administrators (admin) or user account with quota management role in Eyeglass can access the quota admin icon to view and approve quota requests for clusters added to Eyeglass

    1. quota3.png

    2. Administrators can view requests by cluster, and approve or deny with comment, the user will be notified based on the email they submitted.

  3. Administrators (admin) or user account with Data Recovery management role in Eyeglass can access the Data Recovery Management icon to view and approve data recovery requests for clusters added to Eyeglass.

  4. NOTE: End Users that login retain a record in the requests database, if a user logs in again they can review previous requests and status.

Quota Admin - How to view approve and manage pending requests


  1. Login and open quota request Management icon

  2. Open Pending requests folder to review the previous quota and the requested changes to it.

  3. Screen Shot 2016-09-13 at 7.19.23 AM.png

  4. The options are Approve, Deny or Edit the request to change it before approval.

  5. Once approved or denied, it will move to Request History folder and email the user about the status of the request.

    1. Screen Shot 2016-09-20 at 8.49.54 PM.png

    2. Once in Approved status, Eyeglass will pickup the approved quota’s (all of them in the queue)  next configuration job run and will change apply the quota and change status to “Fulfilled” status.  See image below.

    3. Screen Shot 2016-09-20 at 10.07.04 PM.png

    4. It will also now show in request history for the user once they login to the user portal again and show them approved and Fulfilled.

  6. End or process


Quota Admin - How to view Request History


  1. Login and open quota request Management icon

  2. Open History of requests folder to review the previous quota requests and changes applied.

  3. Screen Shot 2016-09-13 at 7.19.53 AM.png

  4. It is possible to delete a history record with the delete button to remove from the database before, it's processed by Eyeglass,  this typically needs to be done within 5minutes before the next configuration sync cycle.

Cluster Bulk Quota Management Features


Managing quotas in environments with 1000’s or 10’ of thousands can create an administration effort to track and manage.  This feature along with self serve portal is aimed at reducing this cost.   This feature allows searching using various advanced search criteria across one or more clusters

Quota Advanced Search

  1. Login to Eyeglass with a user in the Manage quotas role

  2. Open the Quota Management Requests icon

  3. Click Advanced search and combine fields to find quotas to produce a search result

  4. Screen Shot 2016-11-21 at 6.49.57 PM.png

  5. Review the quota details, edit or make a request on behalf of the user


Bulk quota Changes

  1. Login to Eyeglass with a user in the Manage quotas role

  2. Open the Quota Management Requests icon

  3. Click Advanced search and combine fields to find quotas to produce a search result

  4. Now click Modify Quota’s button. This will allow changes based on the search results.

    1. Example a search for shares with dfs contained in the name

    2. Screen Shot 2016-11-21 at 6.59.21 PM.png

    3. Make the changes as % up or down

    4. Select update and a quota update job will be submitted for the next configuration replication cycle to apply the changes.

    5. This is a very powerful feature that works across clusters. Note: no undo exists.

    6. Consult the running jobs window to verify successful quota updates.


Auto approve quota requests


Managing quota requests can also be a time consuming task for storage administrators, that Eyeglass can now eliminate simple requests under a threshold,  always or for a period of time.   Also ability to bulk approve all unapproved requests with a single button.


How to configure Auto approve quota request mode


  1. Login to Eyeglass with a user in the Manage quotas role

  2. Open the Quota Management Requests icon

  3. Click the auto approve tab and enable auto approve, configure % to auto approve if equal or below.  Click approve pending requests to approve all outstanding, complete the from and to dates for auto approve to disable after a time of period.  Leave blank to enable always.

  4. Screen Shot 2016-11-21 at 7.04.16 PM.png

  5. Note any auto approved requests will be sent in daily activity report and daily quota usage reports.

  6. Combined with share/export auto quota mode, all storage quota administration can be eliminated.

Cluster Storage Reports


This feature sends automated reports via email.

Cluster Storage Report includes:

  1. Cluster Usage image

  2. Cluster Hardware health image

  3. CSV of Cluster Usage

  4. CSV of Hardware health (cluster and per node level)

  5. Share and export usage report (requires quota applied to the share or export directory path).

  6. 1.8.3 and later - all quota CSV usage, type , path and hard, soft limits and % used

    1. Screen Shot 2017-03-24 at 6.32.16 PM.png



Share_Exort_Usage.jpg

Cluster_Hardware.jpg


How to run cluster storage report On demand

  1. Open Reports on Demand

    1. rpo on demand.png

  2. Select CSM report option to run

  3. Report is emailed to emails configured in notification center to receive reports

    1. Screen Shot 2017-03-24 at 6.35.46 PM.png


How to change cluster storage report Schedule

  1. Using igls command below, default is daily report

    1. "interval": "0 0 * * *",

    2.        "enabled": true,

    3.        "id": "StorageMonitorReport",

    4.        "label": "Storage Monitor Report"

  2. Show current schedules igls admin sched

  3. Set  new schedule see admin guide

How to configure quota admin email to receive quota Reports and quota requests


To separate DR reports from storage management reports use the option to add recipient based on all or only Storage cluster monitor reports and requests.

  1. Open Notification center main menu

  2. Add an email and select quota reports in the drop down list to add and only receive quota reports

  3. Screen Shot 2016-11-21 at 6.53.17 PM.png


Sample Quota request to Quota administrator


Subject: Eyeglass - Quota Modification Request has been CREATED

To: xxxx@superna.net



Quota modification request is CREATED


Cluster

  isHOT-8

Name

  dev-zone:dev-smb-data-b

Type

  directory

Path

  /ifs/data/zones/dev-data/smb-b


Requested limits   

Previous limits

  Hard: 50 MB   

  Hard: 40 MB

  Soft: -   

  Soft: -

  Advisory: -   

  Advisory: -


Requested by

  khaled@AD2.TEST

Request Message

  CSM email notification test



Cluster Quota Report includes:

  1. Quota requests are summarized in this report and batches requests into a single email sent on a schedule.

Screen Shot 2016-09-28 at 11.08.18 AM.png


How to change cluster storage report Schedule

  1. Using igls command below, default is daily report

    1. "interval": "0 0 * * *",

    2.        "enabled": true,

    3.        "id": "QuotaRequestsReport",

    4.        "label": "Quota Requests Report"

  2. Show current schedules igls admin sched

  3. Set  new schedule see admin guide

Data Recovery Portal


Overview

This feature extends storage cluster monitor to allow end users to see all copies of a share or exports data stored in snapshots, not only on the source writeable cluster but also DR copies and DR copy snapshots.   Users are granted temporary share and UNC path ordered by most recent copies at the top of the list to retrieve files from snapshots no matter where they exist.  

The share will self destruct (gets deleted by Eyeglass) after a time period and temporary share is secured only to the user that made the request, using the UPN (use@ domain).  Once approved by data recovery admin, the email with access is sent to the user.  The access is read-only.

This feature has the same workflow as Quota portal.

  1. Users are granted the role of User Data Recovery in the uses icon.

  2. Users login to see a list of shares or exports across all clusters

  3. Shares and exports are displayed by smartconnect name, since most users know how the access data using the smartconnect name or names configured.

  4. Select the smartconnect name and expand it.

    1. Select the share or export to display all available snapshots and date and time

    2. Select all that should be sent in access email

    3. Select request access

      1. Request text or reason

      2. Email address and submit.

    4. User requests now become pending

  5. Users can select history of requests

  6. Administrators can login and approve or deny requests

    1. Approved triggers email and temporary share creation process

Overview Video


Data Recovery Manager Video Demo


How to configure Smartconnect zone or default smartconnect zone used for temporary recovery shares

  1. Igls command will allow adding and fqdn that will be used to create recovery shares, and will be the UNC that is sent to the user email.

    1. if fqdn setting is not present, The first matching System zone pool will be used to select a UNC for the mount name.

    2. If the FQDN setting is set Eyeglass will scan the pools on the clusters under management, and if the fqdn matches a non-system zone pool, the recovery shares will be created and use that access zone when creating recovery shares.

  2. Note: If active recovery shares exist, changing this FQDN for UNC path will be blocked.



How to use Data Recovery Manager - As admin role


  1. Login as admin user to see the icon or follow RBAC guide in portal configuration in this guide to setup an RBAC role

  2. Expand cluster and smartconnect names to see which shares and exports are detected

    1. Screen Shot 2017-01-22 at 7.15.08 PM.png

  3. Select a share or export to see all copies of the data (snapshot, DR copy, DR Snapshot copy)

    1. Note advanced search button to find shares or exports by name, path cluster etc… to find data faster

    2. Select or more copies of data to gain access to click the Request Access button

      1. Screen Shot 2017-01-26 at 12.52.44 PM.png

      2. Enter UPN user@<domain FQDN> (this stores the record for this user in the database)

      3. Email address to send request updates too

      4. Comment on why access is required or note to user from the administrator

How to review and approve Data Recovery Requests

  1. Login open Data Recovery Management Icon

  2. Click Pending Requests

  3. Review a pending request and click approve or deny

  4. Screen Shot 2017-01-22 at 7.22.22 PM.png

  5. Once approved the request moves to the Request History tab where it will stay

  6. The approval will generate a share named as follows on the snapshot path

    1. igls-<original share name>-<UPN>-<number to increment and make sure unique) of the user.

    2. Screen Shot 2017-01-26 at 12.58.05 PM.png

    3. The user receives an email with UNC path that can be used to access the data

    4. The share is secured as read-only to the user account (see above)

    5. Share will be deleted after expiry time, see below how to configure.


How to review History for Data Recovery Requests


  1. Login open Data Recovery Management Icon

  2. Click Request History

  3. Screen Shot 2017-01-26 at 1.00.17 PM.png

  4. Review requests by user

  5. The Clock icon can be used to delete the shares before the auto expiry time of the shares


How to Configure  Data Recovery Share expiry and Auto Approval Mode


  1. Login open Data Recovery Management Icon

  2. Click Auto Approve

  3. Click Enable auto approve and optional set start and end dates.

  4. Change temporary access share auto delete in days from approved requests. Default is 2 days before access to recovery data is removed

  5. Screen Shot 2017-01-22 at 7.25.32 PM.png


How end users access Data Recovery Shares

  1. Users login to portal and supply ad domain login using proxy login

  2. Screen Shot 2017-01-26 at 1.09.01 PM.png

  3. Open Data Recovery Icon

  4. Browsed smartconnect names to find UNC path used to access data that needs to be recovered

  5. Select share example SMB2 share access normally through prod.ad1.test smartconnect name

    1. Review list of data snapshots (snapshot or DR copy of data)

    2. Screen Shot 2017-01-26 at 1.10.03 PM.png

    3. Click Request access and submit email and reason for access

    4. Once the access is approved an approval email with new unc path and custom share name is emailed for each copy of data requested.

      1. See below of sample email example

      2. Users can now mount the \\unc path example \\SIQ-Prod.ad1.test\igls-SMB2-dfs1@AD1.TEST-1

      3. Screen Shot 2017-01-26 at 12.59.20 PM.png


Sample End User Data Recovery Email

(Sent to end user after request)


Eyeglass Data Recovery Management - PENDING


demo@superna.net <demo@superna.net>

Sun, Jan 22, 2017 at 3:44 PM

To: xxxx@superna.net



The Data Recovery Request is PENDING



Cluster

  Cluster-1-7201

Share Name

  System:SMB2

Path

  /SMB2

Type

  LOCAL

Snapshot Name

  ScheduleName_duration_2017-01-09-_02-30


Requested by

  dfs1@AD1.TEST

Request Message

  files please

Superna-Logo.png

eyeglass300x100.png





Sample End User Data Recovery Approved Email



Eyeglass Data Recovery Management - APPROVED

2 messages


demo@superna.net <demo@superna.net>

Thu, Jan 26, 2017 at 12:54 PM

To: xxxx@superna.net



The Data Recovery Request is APPROVED

The Recovery share has been created here: \\SIQ-Prod.ad1.test\igls-SMB2-dfs1@AD1.TEST-2

Please allow a few minutes for the settings to take effect

Cluster

  Cluster-1-7201

Share Name

  SMB2

Path

  /SMB2

Type

  LOCAL

Snapshot Name

  ScheduleName_duration_2017-01-20-_02-30


Requested by

  dfs1@AD1.TEST

Request Message

  please