-
EMC Secure Remote Support (ESRS)
ESRS support enables secure, high-speed, 24x7, remote connection between EMC and customer installations, including:
-
Remote monitoring
-
Remote diagnosis and repair
-
Daily sending of system events (rsyslog output), alerts, and
PowerFlex topology
-
Syslog
The MDM syslog service can send events, via TCP/IP, to RFC 6587-compliant remote (or local) Syslog servers. Messages are sent with facility local0, by default. Once the syslog service is started, all events will be sent until the service is stopped.
-
Get Info
Get Info assembles a ZIP file of system logs for troubleshooting. You can run this function from a local node for its own logs, using the CLI, or by using the
PowerFlex Installer to assemble logs from all MDM and SDS nodes in the system. In addition to the log files, a visual snapshot of the
PowerFlex GUI, from the time you perform the operation, can be saved, to better enable support options.
The Get Info function is described in the
Log Collection Guide.
-
Quality of Service (QoS)
You can adjust the amount of bandwidth and storage that any given SDC can use. You can configure this with the CLI and the REST interface, on a per client/per volume basis.
-
Running Remove script on system via Gateway
In
PowerFlex Gateway, you can run a user provided script as part of the Non-disruptive orchestration process (like NDU), which is usually intended for OS patching. This is only supported on Linux, specifically: RHEL and SLES.
Using this feature includes two main steps:
- To manually copy the script file to each
PowerFlex host using these script names:
- patch_script
- verification_script
- Copy the script to the
~/lia/bin folder and add execution permissions.
RC codes are saved in the LIA log and an error is returned if needed to the Gateway.
- Execute the scripts from
PowerFlex Gateway.
NOTE:You need to test the patch_script and verification_script before running the process on the
PowerFlex Gateway
-
Background Device Scanner
The Background Device Scanner ("scanner") enhances the resilience of
PowerFlex by constantly searching for, and fixing, device errors before they can affect your system. This provides increased data reliability than the media's checksum scheme provides. The scanner seeks out corrupted sectors of the devices in that pool, provides SNMP reporting about errors found, and keeps statistics about its operation.
When a scan is completed, the process starts again, thus adding constant protection to your system.
For Fine Granularity (FG), the Background Device Scanner is enabled by default. It goes through a cycle of each SSD and compares the physical checksums against the data in the Logs and Metadata. The Bandwith Limit is set to 1024 KBs by default.
You can set the scan rate (default: 1 MB/second per device), which limits the bandwidth allowed for scanning, and choose from the following scan modes:
-
Device only mode
The scanner uses the device's internal checksum mechanism to validate the primary and secondary data. If a read succeeds in both devices, no action is taken. If a faulty area is read, an error will be generated.
If a read fails on one device, the scanner attempts to correct the faulty device with the data from the good device. If the fix succeeds, the error-fixes counter is increased. If the fix fails, a device error is issued.
NOTE:
A similar algorithm is performed every time an application read fails on the primary device.
If the read fails on both devices, the scanner skips to the next storage block.
-
Data comparison mode (only available if zero padding is enabled)
The scanner performs the same algorithm as above, with the following additions:
After successful reads of the primary and secondary copies of the data, the scanner calculates and compares their checksums. If this comparison fails, the compare errors counter is increased, and the scanner attempts to overwrite the secondary device with the data from the primary device. If this fails, a device error is issued.
The scanning function is enabled and disabled (default) at the Storage Pool level, and this setting affects all devices in the Storage Pool. You can make these changes at anytime, and you can add/remove volumes and devices while the scanner is enabled.
When adding a device to a Storage Pool in which the scanner is enabled, the scanning will start about 30 seconds after the device is added.
-
AD over LDAP or LDAPS authentication
User authentication may be done using AD (Active Directory) over LDAP (Lightweight Directory Access Protocol) or LDAPS (Secure LDAP).
PowerFlex can support both AD users that are fully controlled through the customer’s existing centralized location, and local users (as has been supported in earlier
PowerFlex versions). You can associate groups from the AD with the existing
PowerFlex roles in order to ensure the Role-Based Access (RBAC) model. When a user logs on to
PowerFlex, the MDM identifies that the user belongs to the AD domain, and authenticates the user against the AD server over secured communications. Once the user is authenticated,
PowerFlex accepts the group to which the user belongs according to the AD, and associates the appropriate role and its user permissions to that user. The AD implementation is fully redundant.
NOTE:
The authorization permissions of each role are defined differently for local authentication, and for LDAP/LDAPS authentication.
The benefits of using AD over LDAP/LDAPS include:
-
Full control of
PowerFlex users through the main user repository
-
No need to specify a local user for each customer
If the AD directory is down, the administrator can always use local users to maintain
PowerFlex.
-
LDAP for LIA
You can deploy a system with a LIA user already configured to use LDAP. After upgrade, you can switch LIA from local user to LDAP user. You can add\remove up to eight LDAP servers.
- Multiple LDAP support in the Gateway
For post deploy, use the FOSGWTool to add LDAP servers to the Gateway login authority. You can add\remove up to eight LDAP servers.
-
Oscillating failure handling
The Oscillating Failures feature detects and reports various oscillating failures, in cases when components fail repeatedly and cause unnecessary failovers, and therefore disruptions to normal system operation. Typical examples of oscillating failures include:
-
A disk that accepts some I/Os and rejects others
-
A node with interrupted connectivity
-
A node that is constantly busy and therefore handles some I/Os too slowly
-
A disk that is sometimes slow to respond
-
A network that is experiencing disruptions
The smart detection of such failures provides the ability to handle error situations, and to reduce their impact on normal system operation. Oscillating failure handling can be set for MDMs, SDSs and for SDCs. For SDSs, failure handling can be defined per Protection Domain or per Storage Pool.
-
Oscillating failure counters
The following table describes the oscillating failure counters:
Oscillating failure counters
| Description |
---|
(sds_sds/sdc_mdm/sdc_sds/mdm_sds) network_disconnections | Measures the number of network disconnections (socket closed) between two components per IP address |
sds_decoupled
| Measures the number of times an SDS process is down, as detected by the MDM
|
sds_configuration_failures
| Measures the number of times the MDM fails to configure an SDS, when connecting to an SDS (failures occur during the reconfiguration phase)
|
sds_receive_buffer_allocation_failures | Measures the number of times an SDS fails to allocate buffer for receiving messages
|
sdc_long_operations
| Measures the number of SDC RPC operations that take longer than the predefined threshold (default threshold is 5 seconds)
|
sdc_memory_allocation_failures
| Measures the number of memory allocation failures in each SDC
|
sdc_socket_allocation_failures
| Measures the number of socket allocation failures in each SDC
|
sds_device_long_successful_ios
| Measures the number of successful IOs to an SDS device, which take longer than the predefined threshold (default threshold is 250 milliseconds)
|
-
Secure connectivity with external components
This feature allows external components to authenticate the MDM. After authentication, communication between the MDM and external components is performed using TLS (Transport Layer Security) protocols.
Secure communication with the MDM is authenticated by the following components:
-
CLI client
NOTE:
If the secure mode is not enabled, modifications are necessary to run SCLI commands.
-
PowerFlex Gateway
-
PowerFlex GUI client
-
PowerFlex Installer client
Once added in the trust point, all communications will require authentication, followed by communications over TLS. The same method is employed between the
PowerFlex Installer and all LIAs.