Element OS 8 New Features : Security [1/2]

pgcd4 SolidFire released Element OS 8 – Codename “Oxygen” last week and customer upgrades are beginning now.

 Seminal Peter Gabriel Albums and Security

 We have a lot of innovation in Element 8, the features can be tagged under two key areas : Security and Protection.

And that is the album cover you see here – Peter Gabriel’s 4th solo studio album – reluctantly tagged with the name “Security” for the USA market. A seminal album in some ways for its use of electronic tools (Fairlight etc) with “I Have the Touch” – a song I like very much indeed – being a key part of the album : https://www.youtube.com/watch?v=5B94c6CRcwU

QoS + vLANS : Dedicated Performance, Shared Economics

Esoteric 80s album references aside, with a highly-shared storage environment SolidFire QoS has always bought a critical kind of storage security: manage multiple customers on one shared platform, without denial or degradation of service by greedy storage IO consumers.

Traditionally other storage platforms offer vLANs so one storage array can be split over many provider networks. In Elements 1 to 6 we offered QoS and CHAP as a way of dividing storage Element 7 we added limited vLANs (16) and now in Element we got serious : 256 VLANs and full UI management.

You can now have the benefits of QoS – offer performance guarantees to customers/BUs – and now you can divide potentially a vast number of varying QoS levels over a wide range of separated provider networks.

How does this look? So firstly we set our QoS (min/max/burst) then we can create vLAN/provider networks. Dedicated performance, shared economics. You can now effectively create multiple pools of storage performance and chip those up between customers and departments as if they have a dedicated SAN. And then change the performance characteristics on the fly…

ele8qos

             

 

 

 

 

 

vlan1













Encryption at Rest & AAA Enhancement

Since Element 4 it has been possible to encrypt data-at-rest on SolidFire. One button press and we enable security keys on the drives (256 bit AES) and distribute those keys over the SolidFire cluster.  Many customers write this into their SLAs knowing the extra protection it affords their clients. 

encrest






We have now added some extra controls and features – Once you have security at rest, most people then consider the AAA part of the solutions (Authentication, Access Control and Audit). Firstly we have enhanced our Cluster Administration authentication to include AD/LDAP authentication, linked the simple roles we offer. For many of the automations you can perform with SolidFire it is not necessary to be a full cluster administrator anyway – this takes it further and picks up AD authentication with is standard for a lot of Enterprises.

AdAuth

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

You can choose up to 4 LDAP servers and specify many of the parameters needed to LDAP. Once you have this in place you can still have local administrators and LDAP administrators as needed.

ADlocalandLDAP






NewLDAPuser











 

Finally then we have increased our Audit capabilities. One of the cool parts of SolidFire is you can either use our tooling – ActiveIQ – for your dial-home and overview management platform – or traditional systems like syslog (ELK stack maybe, Splunk) SNMP (Netcool, SolarWinds, Nagios) – and both at the same time if you wish. One gap previously was audit capabilities around bad logins for both ISCSI and Admin access. These have now been added and are available through all of the methods.

badiscsiauth




 

Part 2: coming shortly…”Protection”

As I said, two key areas to our release – Protection coming in part 2…

Spread the word. Share this post!

Leave A Reply

Your email address will not be published. Required fields are marked *