Feature Descriptions

What's Coming Soon

DR Automation Enhancements:

  1. Faster Failover!!!! Configuration sync will no longer run during a failover, that will remove this time to complete from the failover.

  2. Faster Failback!!!! Eyeglass jobs now automatically get enabled without any manual steps after a failover so that tailback readiness can be assessed faster and the jobs are in the correct state in Eyeglass.

  3. New policy alerts notifies administrator an action is required to enable DR on new policies.

  4. New job type default of none requires newly detected policies to be set to sync mode or DFS mode by the administrator before they can be enabled.  This work flow ensures policies do not get enabled in the wrong mode.

  5. Copy and paste of Failover logs from DR Assistant to simplify getting logs to support.

  6. DR Rehearsal Mode: Failover, Test, Throw away the changes. Complete DR Tests in much less time.

    1. Failover to DR make the target data writeable​

    2. Complete DR mount and write access testing

    3. Throw away changes to DR data

    4. Production copy on source cluster is online at all times

    5. Combine with networking bubble , cloned AD, DNS to complete DR testing with mirror of production  

  7. REST API support for DR Test Mode, IP Pool failover, DR Rehearsal mode 

    1. Full API support to retrieve all DR Dashboard validations for all failover modes​

  8. Auto Add all missing SPN's detected by Isilon.  Enables Eyeglass to check missing SPN's and insert them to ensure none are missing AND insert igls hint SPN's to suppress Isilon Alarms​ for missing SPN's

  9. Any SPN Failover support Now any sun type can be failed over. Example NFS, HDFS, CIFS can be failed over in addition to the host spn used for SMB authentication.  This will allow HDFS Big data failover and support kerberoized NFS failover of SPN's.  

  10. Concurrent Failover - This release will switch all installations to this default mode.  This allows several failovers to run in parallel of any time.  ​​​​

  11. New Validations For DR Readiness

    1. SPN AD Delegation is now automatically tested for correct delegation in AD for SPN failover​

    2. DNS Dual delegation validation check that all smartconnect names are correctly setup for DNS auto failover. Checks that 2 name servers are setup, verifies an A record correctly points to Isilon SSIP, validates the SSIP is the correct subnet for the pools that are failing over.

    3. Domain mark - Check if this has been run and raise warning in DR Dashboard 

    4. Mismatched SPN cases between AD and Isilon

  12. ​Access Zone Migration:

    1. Ability to copy only configuration data from one zone to another without need a synciq policy to exist.  This can be used by entering any source path and any target path with auto access zone detection.  NOTE:  The paths must exist.  This new job type can stay and run during normal configuration task to keep config data in sync during a migration.  New check box: "Migrate only configuration" 

    2. Ability to auto detect existing syncIQ policies on the source and target path and use them to sync configuration data.  This allows the copy policy to be setup and migration of configuration can use the existing policies in place.

  13. Security Enhancements:

    1. IGLS cli command to automate changing eyeglass service account password and restarting the process to take affect.  Useful for customers with a lot of clusters and regular password change policy can now automate this task

What's Coming in Release 2.5.5 Ransomware Defender, Easy Auditor and Cluster Storage Monitor

Easy Auditor Enhancements:

  1. Quick Scan Path Search - New architecture to accelerate results for path searching when no user is specified.  The user search is already indexed in a way to easily find all events by a user. The new search index will offer the same search speed for a path search. (patch release coming soon)

  2. AI Analytics of user behavior - Analysis of the Auditor database can determine the optimal Ransomware Defender settings to best protect data and avoid false positives. (patch release coming soon) 

  3. WireTap provides filtering, folder browsing and event filtering. Complete update with advanced filtering options full screen UI.  Realtime IO monitoring of users, paths , folder trees, or single folder.  Allows debugging performance issues.

  4. Real-time Syslog Forwarding - Allow the ECA cluster to forward formatted syslog message to 3rd parties example SIEM tools, event filtering for user, path, event type with regex filters

  5. Where did my folder go?  It will now track directory deletes in a fast cache lookup, and copy and paste results to Excel

  6. HDFS protocol auditing - Supported now with current release

  7. Builtin reports have been enhanced for performance and provide partial results while they execute

  8. Optimized active audit triggers offers more performance at higher event rates to real-time DLP and Mass delete triggers

  9. Active Auditor - Realtime Audit Triggers - Automate security, "No MORE Report Reading"

    1. If this happens and OR that happens send an alert, triggers do not use the database and process event data with stream based analytics.

    2. Predictive Analytics - Each custom trigger created evaluates event data over 1 minute intervals and every 5 minutes a prediction computation runs to provide more accuracy to your security policies getting triggered.

    3. Combine path, user and event types into a customized real-time audit policy that continuously monitors events and fires a trigger when the condition is met.

    4. Geofencing by user or path  - Network Aware Security - Real-time triggers can use the source ip of hosts or even entire subnets.  This allows a whole new security layer that can alert when access to storage is from authorized subnets or detect remote access from VPN or Wifi Guest networks

      1. Combined with user, path, file action, file name and more options powerful Geofence polices can be created to secure your data with network aware policies.​

    5. This allows and event to be sent via email or configure syslog forwarding to a SIEM.

    6. The only customizable real-time audit solution with no lag auditing for Isilon.

Ransomware Defender Enhancements:

  1. No HDFS needed!!!! We have redesigned Ransomware Defender to no longer needed HDFS. Easier to install with fewer dependancies

  2. New GUI for flag as false positive to view users that have been flagged and reset the a user to factor default detection settings

  3. Allow file list add UI for whitelisting files on the dynamic extension list

  4. SIEM Integration - audit data real-time syslog forwarding

Cluster Storage Monitor:​  

  1. Large AD direct collection over LDAP will support direct connect to AD to collect users and groupsSupports 1 million or greater object collection in < 2 minutes.

  2. This new collection method will be shared by all products that need this information example Ransomware, defender, Cluster Storage Monitor all need user to SID resolution and user to group information.

Eyeglass Cluster Agent:

  1. New distributed model allows remote sites to be managed by Mini-Eca a single VM to collect audit data and forward it centrally for process, analysis, storage and searching.  This is designed for customers that have distributed clusters and want centralized security and ransomware defense of all clusters.

  2. New model can support IsilonSD clusters used at edge locations and offer centralized services.


What's Coming in Release 1.1.2 of Search & Recover

  1. Snapshot Mode - Index and search Snapshot data to locate deleted data or old versions of files for recovery

    1. User Interface allows searching snapshots with the click of a button

    2. Restore files to the file system with simple right click restore (files restored with prefix and file secured to the user automatically

    3. Backup administrators or end users can easily recover data from snapshots

  2. User Search Advanced Window supports Searching snapshots, Cloudpool archive data or Folders only

  3. Active Directory Group support for adding search administrators to an indexed path

  4. Phonehome Support - remote log collection for simpler support

  5. Excel Results download support

  6. Index Audit feature to verify file system to index accuracy (runs weekly), removes orphaned index data from folder rename operations

  7. New Quick Reports

    1. Who used up the space? (Coming Soon, Who used the space on that share last month?

    2. What's been Archived to Cloudpools? (Coming Soon, Cloudpool stub reporting)

What's Coming in Release 1.1.1 of Search & Recover

  1. Admin quick reports give you the answers you need to manage storage (see screenshots)

    1. What's Growing old?​

    2. Who owns that?

    3. Show me the Types

  2. Dynamic Data Tags - auto tag data with content strings or ID's and leverage Dynamic Data tags in all searches and all reports. Example tag using project-123 can be located with wild cards project-???​ to find all projects, or project-1?? to find all projects that start with 1.  Very powerful , easy to use.

  3. Data Owner Administrator - Override Isilon security to create path based Data Owner Search Administrators

  4. Alarms with SMTP configuration for sending alarms and status of indexing

What's Coming in Release 1.1.0 of Search & Recover

  1. Full content and metadata indexing per path

  2. User secure search with advanced field searching

  3. Admin only mode for analytics, reporting and scripting file system actions based on results

  4. 3 security modes (share level, ACL or hybrid)

  5. Full and incremental index using change list API

What's Coming in Release 2.5.4 Cluster Storage Monitor Overview

  1. Unlock my files!!!!​

    1. Help desk application to find locked files and break locks for users​. Dedicated Role in Eyeglass

    2. Secure proxy file list and break lock button requires Zero Isilon knowledge to use.

    3. This will be a feature that request Storage Cluster Monitor product license key.







What's Coming in Release 2.5.3  Overview


  1. Alarm emails are now basic html, no images included - subject of email includes application name and user name if relevant to the alarm.

    1. Alarm codes now visible in the UI​

    2. Email subject includes the application name that created the alarm for alarm filtering

  2. igls command to change the severity of any alarm type, example sync jobs can generate a lot of alarms and are sent as critical. igls command can change this alarm code to major or warning on a per alarm code basis. This allows customers to lower severity of alarms without changing the global alarm severity filter settings. 

DR Edition Overview:

  1. Overlapping Access Zone Failover support (see documentation for limitations)

    1. Overlapping means 2 access zones that share the same base path with at least 1 SyncIQ policy at or below the access zone path.

  2. Major Enhancements to Quota syncing for large quota count customers

    1. Option to remove quota collection from normal share/export syncing. This is for large quota count customers to speed up the config sync and move quota inventory detection to a separate job. "Quota Sync Job"​

      1. This new job for Quota inventory can be scheduled independently fo config sync and defaults to once per day to collect quota's and detect quota changes.​

      2. Recommended for customers with > 1000 quotas

    2. DR Quota Sync

      1. Onefs 8.x required. Allow pre-staging of quotas on the DR cluster and avoid quota scan being triggered during failover. Once this feature is enabled. Quota failover checkbox in DR assistant is automatically disabled.

Easy Auditor Overview:

  1. What's Happening Now?  

    1. Prebuilt indexed cache of events for active paths in the file system covering the 48 hours of activity. Allows ultra fast browsing based on file tree browser to see all events.  Interactive UI to select a path see all events and filter on event type or user. Similar to Pivot tables in spreadsheets dynamically built as events stream through the ECA cluster.

  1. HIPAA - Compliance Reports

    1. 164.308(a)(5)(ii)(C) - Log in Monitoring built-in report

      1. User data access based on authentication audit messages allows compliance with HIPAA requirements to report on users that access data based on authentication records​

  2. Easy Auditor Active Auditing Inline Analytics 

    1. Mass Delete file policy - Monitor paths for X files deleted in Y minutes with alarm and SnapshotIQ snapshots on paths that trigger mass delete policies. Analysis runs on the ECA cluster as events are processed. Per User policy​

    2. Data Loss Prevention Policy - Monitors a path for x % of data read over Y minutes per user will trigger an alert of possible data leak or bulk copy of secure data. Analysis runs on the ECA cluster as events are processed.

  3. Scheduled Searches will send info alarm with name of the search in the email subject.

  4. Builtin Reports​

    1. Employee Exit Report - quick easy search for HR when an employee leaves the company​

  5. Auditing Features​

    1. Support for NFS file access User ID and source client IP address in reports that made the file change or access​

    2. NFS UID mapped to AD, NFS local user friendly name resolution in reports

    3. Auto Save Report to an NFS mount igls command to change location of saves and remount to Ision for centralized report storage

    4. New ECA Alarm detection for audit event ingestion issues

    5. New ECA Alarm for failure to write to Analytics Database

    6. New ingest IGS CLI select a date range of gz Isilon archived audit events.  

      1. Ingest missing data

      2. Ingest data on disk before Easy Auditor installation

      3. Avoids and detects duplicate events during ingestion process

    7. Load Balance processes on 6 node ECA clusters

    8. Historical search logs UI archives all query logs to the Isilon over HDFS with UI to download or navigate logs

    9. Support for 1 Million events in CSV reports

    10. Support for continuous results feature

      1. Allows retrieval of partial report data while its running 50 000 events at a time. Cancel a report search if the data required is already returned

    11. Support for NFS User ID in reports for NFS audit events plus source IP of the NFS client in reports

    12. Update to WireTap to support new internal event streaming architecture

  6. Beta Features in this release​

    1. Robot Audit 

      1. This feature performs continuous auditing by creating user events as an SMB connected user.  The events are created , ingested and stored in the database.  The Robot audit process runs reports and counts file and directory events and logs success or failure.  This offers the highest level of confidence that audit data is being processed and stored.  The audit lag is the time from when an event is created to when the data is searchable.


Ransomware Defender Product:

  1. Honey pot File traps

    1. Detection at the folder level allows files to be placed in specific folder locations as detection of any type of Ransomware behaviour attack that combines file access to Honeypot trap files that Defender users to track

    2. Ransomware at the folder level and does not depend on a specific file IO pattern for detection

    3. Uses immediate lock out logic when this detection trap is tripped

    4. Administrators can create this trap on any folder in the file system as needed.

  2. Roaming Profile Support 

    1. Roaming profiles on Isilon shares writes files using a common Ransomware IO pattern trigger a lockout.

    2. New Relative path whitelist support allows only the directories of the profile to be added to the whitelist and still protect data in the users profile. Example whitelist /ifs/data/roamingprofilessharepath/*/Appdata This will ignore all user Appdata (the profile path) in each users home directory on a share that stores all users home directories.  

  3. Learning mode

    1. Flag false positives to provide feedback for behaviour learning per user. Builds a feedback dynamic learning solution tuned for your NAS workflows.   

  4. Support to lockout a client on an NFS export of Ransomware activity is detected. Disabled by default and enabled with igls cli  

Cluster Storage Monitor Major Updates:
  1. Managing quotas at scale requires tools to create, update and report. This update to CSM (Storage Cluster Monitor) brings a lot of enhancements.

    1. Manage quotas with Active Directory groups.  ​

      1. Create Gold, Silver and bronze tiers of quota or any configuration you need with Templates for Hard Soft, and advisor. Change a user AD group membership triggers an a quota change​

      2. Supports User quotas and directory quotas

      3. Directory quota allows setting a path baseline and a default subdirectory quota that is applied for each new directory detected

    2. UI now shows user or group assigned to to the quota in administration UI. ​

    3. %U Shares allow a template quota to be applied to each directory under the %U share. 

      1. This automates directory quota's with a default template that can be changed​ and update all directory quotas under the share path defined with %U

    4. Quota Reports now include templates assigned to users in AD

What's Coming in Release 2.5.2  Overview

General Overview:

  1. Automatic NFS mount management for Turboaudit will automatically mount audit log export on the ECA cluster

  2. ECA cluster up delay option for debugging boot issues

  3. Timeout settings are controlable

  4. Search Analytics database diagnostics

Easy Auditor Overview:

  1. Where did my folder go? Major enhancement dedicated index for fast lookup of user drag and drop and renamed folders.   

Ransomeware Defender Overview:

  1. File extension detection whitelisting of allowed file extensions to a whitelist when processing events. igls cli command to add, list and delete file extensions on the whitelist

  2. Lockout Enhancements with restore user in error state for retry to restore user permissions

  3. Enhanced Burst lockout support for many parallel detections and many snapshot creations

  4. IGLS CLI command to change snapshot expiry from 48 hours to any value. Allows keeping data protection snapshots for longer periods of time to assist with data recovery from a security event.

What's Coming in Release 2.5.0 Easy Auditor Overview

Easy Auditor Overview:

The only product on the market designed for Scale out NAS auditing. Clustered real-time processing, big data analytics to analysis audit data required for Scale out NAS customers. Available as standalone or fully integrated with the Superna Eyeglass Data Protection suite.

Easy Auditor Product Release:

  1. Scalable storage or audit data with support for billions of audit records

  2. Fully Integrated to Isilon with native API support

  3. Protect Audit database with SnapshotIQ and SyncIQ simplifies management and protection using familiar Isilon tools for NAS admin.

  4. Scales to match any sized Isilon environment with 3, 6 or 9 node clusters

  5. Compressed storage with no need to uncompress data to search

    1. Approximately 10:1 compression for cost savings versus fibre channel ​

  6. Search on any file audit event type, path, AD user, date or time range

  7. Scheduled searches with email support

  8. Role based access with admin and read only auditor support

  9. Export data to CSV for easy manipulation, sorting or analysis

  10. Access Zone aware auditing

  11. Real-time wiretap of a path or user to see real-time events in the file system.

    1. Debug file access issues​

    2. Application performance issues

  12. Where did my folder go? Find drag and drop by users quickly to restore files to original location

  13. Builtin reports

    1. Stale data access​ - Who has access but has not accessed shares?

    2. Permissions report - Who has what access to shares?

    3. Top data creators by GB and by file count - Who created the most files? Who created the most data?

    4. Top data file deletes report - Who deleted the most files?

    5. Find top x % reports

What's Coming in Release 2.0 DR Edition Overview

Failover Enhancements:
  • Watch a short video covering the Failover Enhancements 

  • (Major Feature) IP Pool Failover - This allows even more control of how data is failed over. Many customers create IP pools for each protocol (SMB, NFS) or business applications. This new feature will execute the entire Access Zone failover automation but only for one or more IP pools selected for failover.

    1. Enables Hot - Hot Single Access zone example system or other access zone can now have writeable data on both clusters at the IP pool level. IP pool SMB active on cluster 1 and NFS or SMB2 IP pool active on cluster 2 

    2. NOTE: SyncIQ policies are mapped in DR Dashboard UI to a subnet:pool name, Administrator error that incorrectly maps a policy to name can result in read-only data outage. Its expected the administrator knows which Pools are protected by a specific list of policies.

Failover log Enhancements

  1. Failover option added to skip quotas: This new DR Assistant check box allows skipping quota failover step for situations when a failback is planned within a short period of time. This also can help avoid failed failovers due to quota scan failing SyncIQ steps.

  2. Color coded Success and Failure per step. To quickly identify any step that was failed

  3. Failover Summary: Each step is summarized at the end of the failover for all keys steps Example below:

    1. Overall Failover Job status: Completed, total elapsed time: 0 hours, 11 minutes, 40.50 seconds.
      Final SyncIQ Jobs status: Completed, elapsed time: 0 hours, 1 minutes, 34.02 seconds.
      Client Redirect status: Completed, elapsed time: 0 hours, 0 minutes, 26.17 seconds.
      Make Target Writeable status: Completed, elapsed time: 0 hours, 0 minutes, 40.75 seconds.
      Quota Jobs status: Completed, elapsed time: 0 hours, 0 minutes, 2.21 seconds.
      Preparation for Failback status: Completed, elapsed time: 0 hours, 0 minutes, 56.89 seconds.​

  4. Cancel Failover option on running failovers UI. NOTE: Only used if directed by support.​

Failover Logic Major Enhancements

  1. Parallel Failover Jobs:

    1. This feature will allow multiple failovers to execute in parallel.​ All Failover types are supported.  

    2. NOTE: parallel threads is set to 10 which is shared across all failover jobs.

  2. LOGGING: Failover log will be split into Failed over data and client redirect. This will indicate the failover of data and clients and post failover scripts. The second half of the log will be for post failover steps including  failback steps and quota failover.

  3. Continue on failed Step: After analyzing many failovers the new logic will continue to execute steps as outlined below. This will ensure SyncIQ policies are attempted even if one syncIQ policy encounters an error.

    1. Make Write Step on each SyncIQ policy - If any policy fails to run, all other policies are run and failover continues​. The steps that are not yet run for the failed policy will be skipped.

    2. Run Resync Prep SyncIQ - If any policy fails to run, all other policies are run and failover continues​.

    3. NOTE: Any policy that fails a step will have its following steps skipped.  

  4. Cancel a running failoverThis option appears in the running failover ​tab of DR Assistant and allows a running failover to be canceled. NOTE: No Rollback will occur and failover stops at what ever step was being executed. All steps to recover from this will be manual. Use with caution.

  5. Skip quota failover step option DR Assistant 

    1. In some customer environments the quota scan job interferes with failover and failback performance. The requirement to wait until quota scan completes adds hours to a failover or interrupts a failover with a failed SyncIQ step.

    2. This feature allows skipping failover of quotas and leave them on the source cluster.
      Eyeglass has a special quota sync command line tool that allows quotas to be synced AFTER a failover has been completed.

    3. Customers can now choose to skip quota failover in DR Assistant. Another feature detects if quotas already exist that will fail SyncIQ steps.

DR Assistant Block Failover on Warnings

​Overview: This will validate failover jobs and prevent a failover from starting under certain conditions that will result in a failure. This applies to newly created quotas that have not been scanned by quota scan job.

  1. Quota scans are triggered on Onefs 8 when quotas are created or quota scan jobs are scheduled to run to calculate quotas. 

    1. This can interfere with the make writeable step and resync prep during failover. 

    2. It is best practise to ensure no quotas are created before failover to avoid this conflict.

    3. Quota scan locks the file system blocking SyncIQ from completing steps

  2. DR Assistant will have new option (enabled by default) to detect if any quotas exist on the target cluster at the time of failover that match SyncIQ policies selected for a failover and will abort the failover:

    1. If any quotas have the ready for Quota scan attribute set (this flag indicates quota scan needs to run)

    2. Note: disabling or canceling a running quota scan job on the cluster does not avoid the conflict with SyncIQ.  The attribute on the quota determines of SyncIQ step will fail.

  3. DR Assistant will offer the ability to uncheck this detection function at the users risk of SyncIQ steps failing.

  • Data Integrity Failover

    1. Access zones or DFS and Per SyncIQ policy failover will now insert deny everyone permissions to shares that will be failed over as a pre-Failover step. This will disconnect openfiles, disconnect users from all shares involved in the failover. This will ensure data integrity of the failed over data set when SyncIQ is run by Superna Eyeglass® after users are disconnected.

    2. Post failover step to correct share permissions to original security settings.

    3. Option to disable this feature on per failover with DR Assistant.

    4. Supports SMB shares in this release

    5. See New DR Assistant option below. Mouse over help text on options for failover


Configuration Management Cluster Reports Enhancement: Differences Cluster Reports
  1. Configuration Management reports now include a difference file emailed with reports that compares each clusters report to the previous cluster report and identifies changes using Green (Added configuration), Orange (Changed Configuration), Red (Deleted configuration) markings in a Differences report.

  2. This new capability allows complete change management detection and differencing to be fully automated. Setting the report schedule to weekly allows each weeks changes to be compared and summarized.

​Configuration Sync Enhancements:

  1. To support hiding shares with $ on DR clusters for security reasons. DFS mode has been tested with Access Zone failover to support the existing feature.

    1. Will support changing prefix of share on DR cluster example append DR-XXX (where xxx is original share name) and enable $ append feature to add $ to the end of the share to hide it from browse lists​

    2. On failover the prefix is removed and $ removed and then is automatically reapplied to the source cluster to re-hide the shares.

  2. Quota failover and sync option to create quotas with snapshot overhead and protection overhead enabled.  Previous versions removed these attributes due to conflict with SyncIQ replication. This release will sync these attributes on quotas.​

  3. NFS Exports with un-resolvable hostnames or netgroups​ override

    1. Eyeglass default behaviour is to fail config sync job status when the DR cluster cannot resolve client list host names or netgroups.​

    2. New IGLS cli command (global), will allow override of this behaviour to sync exports with unresolvable client list entries.

    3. NOTE: This is not best practise since post failover the unresolved host entries will not be able to mount the export

​General Enhancements:

  1. Webhook support for alarms - ability to configure a webhook url to have alarms posted to a monitoring application

  2. Alarming - Snmp forwarding addon built in the 2.0 OVF appliance (can be updated on a 1.9.3 or later VM) to forward Eyeglass alarms and Isilon events/alarms to SNMP destination and Syslog. (guide here)

  3. OpenSuse 42.3 OVF with simply upgrade using backup and restore of settings

Storage cluster Monitor 

  1. CSM Reports now add columns with protection and snapshot overhead