Superna Eyeglass® DR Edition Feature list

Release 2.5.9 

  1. DR Test Mode 2.0 (Writable Snapshots)

    1. All new workflow based on Onefs 9.3 writable snapshots ​

      1. Onefs 9.3 or later

      2. Feature Overview:  On demand DR testing with copy on first write writeable snapshots enable a new workflow that is faster, consumes less storage and is available on demand.

      3. Selection of an IP pool with no access zone attached , will allow a temporary access zone created for the DR test.  A source path of data is selected to test with and a snapshot is created on this path.

      4. A new access zone is automatically created and attached to the IP pool and  all shares, exports and quotas are cloned into the temporary access zone.

      5. A writeble snapshot is created in the temporary access zone

      6. Testing can begin in seconds and only consume space for writes.

      7. Test completes  and option to clean up the temporary access zone.

  2. UI Updates​​

    1. Additional warnings for quota job usage and job type set operations​

    2. Eyeglass GUI Auto logout Time customization

  3. Jave JRE update to latest​

  4. Deprecated Features​​

    1. See Release notes.​


  1. Log parse tool in the appliance to allow for in product log parsing

  2. Log Parse Engine 

    1. The ability log parse Eyeglass backups and store historical reports.  Log parse reports includes:

    2. Summary of configuration jobs​

      1. Failover status summary and validations

      2. IP pool mappings

      3. Event rate graphs and database saving graphs

      4. Appliance memory and disk graphs

      5. Ransomware Defender Historical event CSV reports

      6. Design document auto creation for Channel Partners, License keyed Feature

  3. Smart Airgap API - user lockout API support for remote applications to request a user lockout. critical path snapshot job monitoring api support

  4. Enterprise Airgap multi vault support

  5. Deprecated reports

    1. Easy Auditor Top user GB, Top user file create and delete, record count.   Replacement is Search & Recover product for these reports.​

Release 2.5.8 GA build 2.5.8-21288

  1. Includes Updated log4j CVE patch - no requirement for remediation steps.

  2. Appliance memory configuration auto detection will compare current eyeglass inventory to the scalability limits and will raise an alarm when unsupported memory configuration is detected along with the RAM requirement needed.

    1. The scalability limits are based on synciq count, cluster count, access zone count and share/export/quota counts. 

    2. DR Assistant appliance memory configuration warning when selecting more policies in a single failover job than supported with the appliance's memory configuration.  Option to proceed or select fewer policies or increase appliance memory as per documentation.

  3. Postfix mail settings to be collected in the backup, and syslog forwarding configuration files

  4. Quota collection will default to a dedicated job and will be removed from normal configuration job and a default schedule of twice per day collection. This will increase configuration sync job performance and reduce time spent during failover jobs collecting quotas when this is not required.

  5. New log rotate on eyeglass for disk space management, new old report clean up task to remove old reports.

  6. New appliance automated migration to new appliance now supports ECA cluster IP change when the eyeglass VM ip changes

  7. Configuration data protection:

    1. 9.x clusters support configuration export feature with isi cluster config exports create.  Eyeglass will collect this automatically from the cluster and backup the configuration data in a format that can be used to restore the configuration.

  8. Security roll up patches

  9. ECA cluster disk management optimization for event retention will be reduced to reduce disk space requirements in the VM's.  Events will be buffered for 1 hour or 512 MB x 9 or 4.6 GB of event data.

Release Update 1 (GA)

  1.  Major security updates with built in secure virtual network between Eyeglass and ECA VM's.  ECA management VM GUI access now secured by authenticated proxy login over https, with no direct access, Eyeglass removes 4 open ports 2011, 2012, 2013 and 2014 are no longer required.  Removal of additional components for web sockets. Single SSL cert required for only 443 port.

  2. Security hardening covers versions of Java and other components

  3. native 9.2 support without any modifications to Eyeglass

  4. Automatic memory adjustment to Eyeglass processes if VM memory is increased.  Allocations will be handled automatically.

  5. DNS dual delegation disabled by default.  Can be enabled if needed

  6. AD Delegation validation will now execute once per AD provider vs once per access zone.  This will increase performance of Failover Readiness and reduce the number of API calls to test AD delegation permissions



Release 2.5.7 

  1. Ransomware Defender 

    1. Learning mode -  This new major feature will allow automatic user behavior monitoring and turning of Ransomware Defender based on learning algorithm that observers users and updates the configuration automatically​

      1. Extension based automatic whitelisting will build a list of extensions seen in your environment for simple review and approve work flow.  This speeds up the process of learning about the environment before enabling enforcement mode.​

    2. New update to user behavior detectors

    3. Monitor mode by user, ip or path allows any of these methods to be used to set monitor mode that offers detection alerting and snapshotting without user lockout.  This provides more flexibility and avoids the need to whitelist server based applications where lockout of the application is not desirable but still offers data protection.

    4. Support for share lockout to apply lockouts on shares secured with Authenticated users well known AD group.

    5. Banned file list searchable in the GUI and the ability to enable, disable or place a banned file extension into monitor mode. 

      1. Add custom file extensions is now supported with full 3 state support enable/disable/monitor mode​

  2. General Updates

    1. Web server hardening with default hardening applied upon upgrade fro XSS and many other vulnerabilities ​

    2. Easy Auditor Zone audit settings will be collected in support backup to allow support to see exactly how auditing is configured for each cluster and zone

    3. New Architecture for Syslog forwarding with dedicated alarm log used to filter and forward via Syslog to SIEM tools.  Historical alarm data easily reviewed in a single file.

  3. Security

    1. API audit log for all user sessions by application UI icons.  All user actions are now logged​ and web access tracks IP of user sessions.

    2. REST API for Eyeglass Automation

      1. versioned API support​

      2. New API's

        1. Run a configuration job on demand and get the status​

        2. Run a DR Readiness job and get the status

        3. Set newly discovered synciq Policy job type (auto, auto DFS or skip config)

        4. Enable or disable Config jobs

  4. DR​​​

    1. ​SyncIQ Monitor - Audits SyncIQ data sync by adding test data with timestamps to the source cluster and compares when synciq runs, and verifies timestamps on the target cluster.   This provides the highest level of confidence in your off site data.   The job is disabled by default and requires configuration.

    2. DR dual delegation now checks if the delegation was done above the smartconnect zone name.  This will walk the DNS name space to locate where the delegation was completed to locate 2 name server entries

    3. Quota failover log is created for all quota steps taken during failover and stored in the failover folder for support to quickly see exactly which quotas failed over and any errors for quotas that failed to failover.  This will speed up this resolution.

Release 2.5.6 update 2 2.5.6 build 20258

  1. RBAC 2.0 - Validates AD groups and users when saving a role change, if the AD group or user cannot be resolved an error is returned and it will not be saved.   If the user or group is resolved the SID of the user or group is saved in the configuration.    This will ensure that the login process can easily match the user or group SIDS versus the names of the user or group. 

    1. Adding users or groups with any case will now be supported​

    2. adding groups with <group name>@domain name syntax will be supported in addition to domain\group name

    3. Login will correctly identify the user group using SID or user and groups and will avoid needing to rely on the UPN login syntax.

    4. After upgrade the users and groups in the current configuration will be converted to support SID and GID 

  2. SPN AD Delegation Logging is enhanced to detect new failures in the AD delegation to computer objects.  This new logging is only visible to support and will assist in root cause of some SPN management scenarios that were not covered in previous releases.​

  3. Phone Home Logging - A new log tracks phone home issues to allow support to root cause issues faster.

  4. Easy Auditor

    1. The cluster zone audit settings will now be collected in the support backup to assist in misconfiguration scenarios.

    2. Stale NFS mount or network issues is the #1 cause of audit data ingestion failure. This release will monitor the NFS mount and automatically remount to repair stale NFS mount caused by network issues between the ECA and the Isilon cluster.

    3. OVF file will allow a 6, or 9 VM deployment to avoid the requirement to deploy the 3 VM OVF multiple times to simplify deployment.

  5. Dual DNS Delegation - This will no longer ping Pool ip to validate reachability since this was not required.

    1. Additional logging to root cause issues with DNS delegations for failover.  Support will be able to assist to root cause with this new logging.​

  6. OneFS 9.0 and 9.1 Support​

  7. Cluster Storage Monitor - Unlock my files Major upgrade.





  1. Alarm emails are now basic html, no images included - subject of email includes application name and user name if relevant to the alarm.

    1. Alarm codes now visible in the UI​

    2. Email subject includes the application name that created the alarm for alarm filtering

  2. igls command to change the severity of any alarm type, example sync jobs can generate a lot of alarms and are sent as critical. igls command can change this alarm code to major or warning on a per alarm code basis. This allows customers to lower severity of alarms without changing the global alarm severity filter settings. 

DR Edition Overview:

  1. Overlapping Access Zone Failover support (see documentation for limitations)

    1. Overlapping means 2 access zones that share the same base path with at least 1 SyncIQ policy at or below the access zone path.

  2. Major Enhancements to Quota syncing for large quota count customers

    1. Option to remove quota collection from normal share/export syncing. This is for large quota count customers to speed up the config sync and move quota inventory detection to a separate job. "Quota Sync Job"​

      1. This new job for Quota inventory can be scheduled independently fo config sync and defaults to once per day to collect quota's and detect quota changes.​

      2. Recommended for customers with > 1000 quotas

    2. DR Quota Sync

      1. Onefs 8.x required. Allow pre-staging of quotas on the DR cluster and avoid quota scan being triggered during failover. Once this feature is enabled. Quota failover checkbox in DR assistant is automatically disabled.

  3. DR Automation Enhancements:

    1. Faster Failover!!!! Configuration sync will no longer run during a failover, that will remove this time to complete from the failover.

    2. Faster Failback!!!! Eyeglass jobs now automatically get enabled without any manual steps after a failover so that tailback readiness can be assessed faster and the jobs are in the correct state in Eyeglass.

    3. New policy alerts notifies administrator an action is required to enable DR on new policies.

    4. New job type default of none requires newly detected policies to be set to sync mode or DFS mode by the administrator before they can be enabled.  This work flow ensures policies do not get enabled in the wrong mode.

    5. Copy and paste of Failover logs from DR Assistant to simplify getting logs to support.

    6. DR Rehearsal Mode: Failover, Test, Throw away the changes. Complete DR Tests in much less time.

    7. Failover to DR make the target data writeable​

    8. Complete DR mount and write access testing

    9. Throw away changes to DR data

    10. Production copy on source cluster is online at all times

    11. Combine with networking bubble , cloned AD, DNS to complete DR testing with mirror of production  

    12. REST API support for DR Test Mode, IP Pool failover

    13. Full API support to retrieve all DR Dashboard validations for all failover modes​

    14. Auto Add all missing SPN's detected by Isilon.  Enables Eyeglass to check missing SPN's and insert them to ensure none are missing AND insert igls hint SPN's to suppress Isilon Alarms​ for missing SPN's

    15. Any SPN Failover support Now any sun type can be failed over. Example NFS, HDFS, CIFS can be failed over in addition to the host spn used for SMB authentication.  This will allow HDFS Big data failover and support kerberoized NFS failover of SPN's.  

    16. Concurrent Failover - This release will switch all installations to this default mode.  This allows several failovers to run in parallel of any type.  ​​​​The concurrent failover limit will increase from 4 to 5 and can be configured for 50 (open a support case if needed).  This applies to GUI failovers or API failovers.

    17. New Validations For DR Readiness

    18. SPN AD Delegation is now automatically tested for correct delegation in AD for SPN failover​

    19. DNS Dual delegation validation check that all smartconnect names are correctly setup for DNS auto failover. Checks that 2 name servers are setup, verifies an A record correctly points to Isilon SSIP, validates the SSIP is the correct subnet for the pools that are failing over.

    20. Domain mark - Check if this has been run and raise warning in DR Dashboard 

    21. Mismatched SPN cases between AD and Isilon

    22. GUI​

    23. Disable twitter release notification on login page​

    24. ​Access Zone Migration New Dedicated Icon "Data Config Migration":

    25. Ability to copy only configuration data from one zone to another without need a synciq policy to exist.  This can be used by entering any source path and any target path with auto access zone detection.  NOTE:  The paths must exist.  This new job type can stay and run during normal configuration task to keep config data in sync during a migration.  New check box: "Migrate only configuration" 

    26. Ability to auto detect existing syncIQ policies on the source and target path and use them to sync configuration data.  This allows the copy policy to be setup and migration of configuration can use the existing policies in place.

  4. Security Enhancements:

    1. IGLS cli command to automate changing eyeglass service account password and restarting the process to take affect.  Useful for customers with a lot of clusters and regular password change policy can now automate this task