Feature Descriptions

What's Coming Soon Golden Copy Release 1.0

Key Features:

  1. Copy or sync Mode of a path to S3 storage

    1. Isilon Snapshot aware point in time copy or sync

  2. ​Free up Isilon usable space by reducing snapshot retentions and copy  S3 storage for long term archive 

  3. Copy Existing Isilon Snapshots to S3 storage for long term retention

  4. Sync Mode uses Isilon change list for incremental copies

    1. Delayed Delete in Sync mode to move deleted files to delete storage bucket

  5. Rate limiting option per path in Mbps​

  6. No load balancer required for on premise S3 multi node storage with load balancing file copies

  7. Smartconnect load balancing of copy work load across Isilon nodes

  8. Meta data protection stored in S3 objects for files and folders (ACL's, owner, group, mode bits, date stamps)

  9. Native file format copies and folder structure is preserved

  10. Restore full or partial with meta data restored to Isilon file system

    1. Redirected restore to a different Isilon

    2. Single file restore with any S3 Browser tool​

  11. Dual copy a folder to multiple S3 targets

  12. S3 supported targets Dell ECS and AWS S3 (Glazier or deep archive),  Azure blob, Cohesity






























What's Coming Soon Ransomware Defender Release 2.5.7

Ransomware Defender

  1. AirGap 2.0 - A complete solution to protect your data with protractive behavior monitoring of the source data access combined with Smart AirGap technology to manage SyncIQ policy replication to a 3rd AirGap Isilon.

  2. Smart AirGap is unique solution to Ransomware Defender that suspends copy operations when an active threat to your data is detected.  Unlike other solutions that will copy encrypted data to the offline copy.

  3. Ransomeware Defender manages the AirGapped Isilon in-band  over the replication network ensuring your isolated Isilon is never exposed on your network.

  4. Automated AirGap Management ensures the AirGap is open and closed automatically before and after SyncIQ block level incremental copies complete.  Fastest AirGap solution allows your 3rd copy to be an hour behind production.  Not days like other solutions.  

  5. Virtual AirGap or physical AirGap let you choose the level of security for your deployment. Physical AirGap allows full Ethernet cable disconnect adding physical layer protection.

  6. New Behavior detections expands behavior analysis combined with honeypot and managed banned list of 2000+ extensions provides the highest level of data protection.


What's Coming Soon DR Release 2.5.6

DR Automation Enhancements:

  1. Faster Failover!!!! Configuration sync will no longer run during a failover, that will remove this time to complete from the failover.

  2. Faster Failback!!!! Eyeglass jobs now automatically get enabled without any manual steps after a failover so that tailback readiness can be assessed faster and the jobs are in the correct state in Eyeglass.

  3. New policy alerts notifies administrator an action is required to enable DR on new policies.

  4. New job type default of none requires newly detected policies to be set to sync mode or DFS mode by the administrator before they can be enabled.  This work flow ensures policies do not get enabled in the wrong mode.

  5. Copy and paste of Failover logs from DR Assistant to simplify getting logs to support.

  6. DR Rehearsal Mode: Failover, Test, Throw away the changes. Complete DR Tests in much less time.

    1. Failover to DR make the target data writeable​

    2. Complete DR mount and write access testing

    3. Throw away changes to DR data

    4. Production copy on source cluster is online at all times

    5. Combine with networking bubble , cloned AD, DNS to complete DR testing with mirror of production  

  7. REST API support for DR Test Mode, IP Pool failover

    1. Full API support to retrieve all DR Dashboard validations for all failover modes​

  8. Auto Add all missing SPN's detected by Isilon.  Enables Eyeglass to check missing SPN's and insert them to ensure none are missing AND insert igls hint SPN's to suppress Isilon Alarms​ for missing SPN's

  9. Any SPN Failover support Now any sun type can be failed over. Example NFS, HDFS, CIFS can be failed over in addition to the host spn used for SMB authentication.  This will allow HDFS Big data failover and support kerberoized NFS failover of SPN's.  

  10. Concurrent Failover - This release will switch all installations to this default mode.  This allows several failovers to run in parallel of any type.  ​​​​The concurrent failover limit will increase from 4 to 5 and can be configured for 50 (open a support case if needed).  This applies to GUI failovers or API failovers.

  11. New Validations For DR Readiness

    1. SPN AD Delegation is now automatically tested for correct delegation in AD for SPN failover​

    2. DNS Dual delegation validation check that all smartconnect names are correctly setup for DNS auto failover. Checks that 2 name servers are setup, verifies an A record correctly points to Isilon SSIP, validates the SSIP is the correct subnet for the pools that are failing over.

    3. Domain mark - Check if this has been run and raise warning in DR Dashboard 

    4. Mismatched SPN cases between AD and Isilon

  12. GUI​

    1. Disable twitter release notification on login page​

  13. ​Access Zone Migration New Dedicated Icon "Data Config Migration":

    1. Ability to copy only configuration data from one zone to another without need a synciq policy to exist.  This can be used by entering any source path and any target path with auto access zone detection.  NOTE:  The paths must exist.  This new job type can stay and run during normal configuration task to keep config data in sync during a migration.  New check box: "Migrate only configuration" 

    2. Ability to auto detect existing syncIQ policies on the source and target path and use them to sync configuration data.  This allows the copy policy to be setup and migration of configuration can use the existing policies in place.

  14. Security Enhancements:

    1. IGLS cli command to automate changing eyeglass service account password and restarting the process to take affect.  Useful for customers with a lot of clusters and regular password change policy can now automate this task

What's Coming in Release 2.5.5 Ransomware Defender, Easy Auditor and Cluster Storage Monitor

Easy Auditor Enhancements:

  1. Quick Scan Path Search - New architecture to accelerate results for path searching when no user is specified.  The user search is already indexed in a way to easily find all events by a user. The new search index will offer the same search speed for a path search. (patch release coming soon)

  2. AI Analytics of user behavior - Analysis of the Auditor database can determine the optimal Ransomware Defender settings to best protect data and avoid false positives. (patch release coming soon) 

  3. WireTap provides filtering, folder browsing and event filtering. Complete update with advanced filtering options full screen UI.  Realtime IO monitoring of users, paths , folder trees, or single folder.  Allows debugging performance issues.

  4. Real-time Syslog Forwarding - Allow the ECA cluster to forward formatted syslog message to 3rd parties example SIEM tools, event filtering for user, path, event type with regex filters

  5. Where did my folder go?  It will now track directory deletes in a fast cache lookup, and copy and paste results to Excel

  6. HDFS protocol auditing - Supported now with current release

  7. Builtin reports have been enhanced for performance and provide partial results while they execute

  8. Optimized active audit triggers offers more performance at higher event rates to real-time DLP and Mass delete triggers

  9. Active Auditor - Realtime Audit Triggers - Automate security, "No MORE Report Reading"

    1. If this happens and OR that happens send an alert, triggers do not use the database and process event data with stream based analytics.

    2. Predictive Analytics - Each custom trigger created evaluates event data over 1 minute intervals and every 5 minutes a prediction computation runs to provide more accuracy to your security policies getting triggered.

    3. Combine path, user and event types into a customized real-time audit policy that continuously monitors events and fires a trigger when the condition is met.

    4. Geofencing by user or path  - Network Aware Security - Real-time triggers can use the source ip of hosts or even entire subnets.  This allows a whole new security layer that can alert when access to storage is from authorized subnets or detect remote access from VPN or Wifi Guest networks

      1. Combined with user, path, file action, file name and more options powerful Geofence polices can be created to secure your data with network aware policies.​

    5. This allows and event to be sent via email or configure syslog forwarding to a SIEM.

    6. The only customizable real-time audit solution with no lag auditing for Isilon.

Ransomware Defender Enhancements:

  1. No HDFS needed!!!! We have redesigned Ransomware Defender to no longer needed HDFS. Easier to install with fewer dependancies

  2. New GUI for flag as false positive to view users that have been flagged and reset the a user to factor default detection settings

  3. Allow file list add UI for whitelisting files on the dynamic extension list

  4. SIEM Integration - audit data real-time syslog forwarding

Cluster Storage Monitor:​  

  1. Large AD direct collection over LDAP will support direct connect to AD to collect users and groupsSupports 1 million or greater object collection in < 2 minutes.

  2. This new collection method will be shared by all products that need this information example Ransomware, defender, Cluster Storage Monitor all need user to SID resolution and user to group information.

Eyeglass Cluster Agent:

  1. New distributed model allows remote sites to be managed by Mini-Eca a single VM to collect audit data and forward it centrally for process, analysis, storage and searching.  This is designed for customers that have distributed clusters and want centralized security and ransomware defense of all clusters.

  2. New model can support IsilonSD clusters used at edge locations and offer centralized services.


What's Coming in Release 1.1.2 of Search & Recover

  1. Snapshot Mode - Index and search Snapshot data to locate deleted data or old versions of files for recovery

    1. User Interface allows searching snapshots with the click of a button

    2. Restore files to the file system with simple right click restore (files restored with prefix and file secured to the user automatically

    3. Backup administrators or end users can easily recover data from snapshots

  2. ACL Security Mode - New security mode that evaluates file system ACL's to determine search results to data based on both SMB and file system ACL security.  Fully automated security mode with no manual steps.

  3. User Search Advanced Window supports Searching snapshots, Cloudpool archive data or Folders only

  4. Active Directory Group support for adding search administrators to an indexed path

  5. Phonehome Support - remote log collection for simpler support

  6. Excel Results download support

  7. Search Rest API allows building customer applications or automating searches for alerting

  8. Index Audit feature to verify file system to index accuracy (runs weekly), removes orphaned index data from folder rename operations

  9. New Quick Reports

    1. Who used up the space? (Coming Soon, Who used the space on that share last month?

    2. What's been Archived to Cloudpools? (Cloudpool stub reporting)

What's Coming in Release 1.1.1 of Search & Recover

  1. Admin quick reports give you the answers you need to manage storage (see screenshots)

    1. What's Growing old?​

    2. Who owns that?

    3. Show me the Types

  2. Dynamic Data Tags - auto tag data with content strings or ID's and leverage Dynamic Data tags in all searches and all reports. Example tag using project-123 can be located with wild cards project-???​ to find all projects, or project-1?? to find all projects that start with 1.  Very powerful , easy to use.

  3. Data Owner Administrator - Override Isilon security to create path based Data Owner Search Administrators

  4. Alarms with SMTP configuration for sending alarms and status of indexing

What's Coming in Release 1.1.0 of Search & Recover

  1. Full content and metadata indexing per path

  2. User secure search with advanced field searching

  3. Admin only mode for analytics, reporting and scripting file system actions based on results

  4. 3 security modes (share level, ACL or hybrid)

  5. Full and incremental index using change list API

What's Coming in Release 2.5.4 Cluster Storage Monitor Overview

  1. Unlock my files!!!!​

    1. Help desk application to find locked files and break locks for users​. Dedicated Role in Eyeglass

    2. Secure proxy file list and break lock button requires Zero Isilon knowledge to use.

    3. This will be a feature that request Storage Cluster Monitor product license key.







What's Coming in Release 2.5.3  Overview


  1. Alarm emails are now basic html, no images included - subject of email includes application name and user name if relevant to the alarm.

    1. Alarm codes now visible in the UI​

    2. Email subject includes the application name that created the alarm for alarm filtering

  2. igls command to change the severity of any alarm type, example sync jobs can generate a lot of alarms and are sent as critical. igls command can change this alarm code to major or warning on a per alarm code basis. This allows customers to lower severity of alarms without changing the global alarm severity filter settings. 

DR Edition Overview:

  1. Overlapping Access Zone Failover support (see documentation for limitations)

    1. Overlapping means 2 access zones that share the same base path with at least 1 SyncIQ policy at or below the access zone path.

  2. Major Enhancements to Quota syncing for large quota count customers

    1. Option to remove quota collection from normal share/export syncing. This is for large quota count customers to speed up the config sync and move quota inventory detection to a separate job. "Quota Sync Job"​

      1. This new job for Quota inventory can be scheduled independently fo config sync and defaults to once per day to collect quota's and detect quota changes.​

      2. Recommended for customers with > 1000 quotas

    2. DR Quota Sync

      1. Onefs 8.x required. Allow pre-staging of quotas on the DR cluster and avoid quota scan being triggered during failover. Once this feature is enabled. Quota failover checkbox in DR assistant is automatically disabled.

Easy Auditor Overview:

  1. What's Happening Now?  

    1. Prebuilt indexed cache of events for active paths in the file system covering the 48 hours of activity. Allows ultra fast browsing based on file tree browser to see all events.  Interactive UI to select a path see all events and filter on event type or user. Similar to Pivot tables in spreadsheets dynamically built as events stream through the ECA cluster.

  1. HIPAA - Compliance Reports

    1. 164.308(a)(5)(ii)(C) - Log in Monitoring built-in report

      1. User data access based on authentication audit messages allows compliance with HIPAA requirements to report on users that access data based on authentication records​

  2. Easy Auditor Active Auditing Inline Analytics 

    1. Mass Delete file policy - Monitor paths for X files deleted in Y minutes with alarm and SnapshotIQ snapshots on paths that trigger mass delete policies. Analysis runs on the ECA cluster as events are processed. Per User policy​

    2. Data Loss Prevention Policy - Monitors a path for x % of data read over Y minutes per user will trigger an alert of possible data leak or bulk copy of secure data. Analysis runs on the ECA cluster as events are processed.

  3. Scheduled Searches will send info alarm with name of the search in the email subject.

  4. Builtin Reports​

    1. Employee Exit Report - quick easy search for HR when an employee leaves the company​

  5. Auditing Features​

    1. Support for NFS file access User ID and source client IP address in reports that made the file change or access​

    2. NFS UID mapped to AD, NFS local user friendly name resolution in reports

    3. Auto Save Report to an NFS mount igls command to change location of saves and remount to Ision for centralized report storage

    4. New ECA Alarm detection for audit event ingestion issues

    5. New ECA Alarm for failure to write to Analytics Database

    6. New ingest IGS CLI select a date range of gz Isilon archived audit events.  

      1. Ingest missing data

      2. Ingest data on disk before Easy Auditor installation

      3. Avoids and detects duplicate events during ingestion process

    7. Load Balance processes on 6 node ECA clusters

    8. Historical search logs UI archives all query logs to the Isilon over HDFS with UI to download or navigate logs

    9. Support for 1 Million events in CSV reports

    10. Support for continuous results feature

      1. Allows retrieval of partial report data while its running 50 000 events at a time. Cancel a report search if the data required is already returned

    11. Support for NFS User ID in reports for NFS audit events plus source IP of the NFS client in reports

    12. Update to WireTap to support new internal event streaming architecture

  6. Beta Features in this release​

    1. Robot Audit 

      1. This feature performs continuous auditing by creating user events as an SMB connected user.  The events are created , ingested and stored in the database.  The Robot audit process runs reports and counts file and directory events and logs success or failure.  This offers the highest level of confidence that audit data is being processed and stored.  The audit lag is the time from when an event is created to when the data is searchable.


Ransomware Defender Product:

  1. Honey pot File traps

    1. Detection at the folder level allows files to be placed in specific folder locations as detection of any type of Ransomware behaviour attack that combines file access to Honeypot trap files that Defender users to track

    2. Ransomware at the folder level and does not depend on a specific file IO pattern for detection

    3. Uses immediate lock out logic when this detection trap is tripped

    4. Administrators can create this trap on any folder in the file system as needed.

  2. Roaming Profile Support 

    1. Roaming profiles on Isilon shares writes files using a common Ransomware IO pattern trigger a lockout.

    2. New Relative path whitelist support allows only the directories of the profile to be added to the whitelist and still protect data in the users profile. Example whitelist /ifs/data/roamingprofilessharepath/*/Appdata This will ignore all user Appdata (the profile path) in each users home directory on a share that stores all users home directories.  

  3. Learning mode

    1. Flag false positives to provide feedback for behaviour learning per user. Builds a feedback dynamic learning solution tuned for your NAS workflows.   

  4. Support to lockout a client on an NFS export of Ransomware activity is detected. Disabled by default and enabled with igls cli  

Cluster Storage Monitor Major Updates:
  1. Managing quotas at scale requires tools to create, update and report. This update to CSM (Storage Cluster Monitor) brings a lot of enhancements.

    1. Manage quotas with Active Directory groups.  ​

      1. Create Gold, Silver and bronze tiers of quota or any configuration you need with Templates for Hard Soft, and advisor. Change a user AD group membership triggers an a quota change​

      2. Supports User quotas and directory quotas

      3. Directory quota allows setting a path baseline and a default subdirectory quota that is applied for each new directory detected

    2. UI now shows user or group assigned to to the quota in administration UI. ​

    3. %U Shares allow a template quota to be applied to each directory under the %U share. 

      1. This automates directory quota's with a default template that can be changed​ and update all directory quotas under the share path defined with %U

    4. Quota Reports now include templates assigned to users in AD

What's Coming Soon Performance Auditor Release 1.0

Key Features:

  1. Real-Time 1 second updates to relate key performance metrics cluster wide or per node

  2. Performance Metrics:

    1. Cluster wide and per node read and write throughput​

    2. Per User (AD or NFS) read and writhe throughput

    3. Per file read and write throughput

    4. per source subnet range read and write throughput

    5. Per application read and write throughput

  3. Auto Detected Top Applications resource consumers cluster wide​

  4. Relates Node to user to files to subnets or any combination to zoom in on any resource with multiple views (node, user, file, application, subnet)

  5. Pinning Feature allows a user, node, file or subnet anywhere on the cluster to be added to the real-time display to allow comparing the top resource consumer to the pinned object. 

    1. Example Pin a user that has raised a performance issue to the real time dashboard to easily see if this user is competing for resources on a heavily loaded node. 

    2. View the users file level performance be selecting the user to see bandwidth used by the application at the file level to determine the issue is an application issue or storage issue.

  6. Planned to release updates ​

    1. Application wait time in ms measures application logic issues that slow down application performance​

    2. Application efficiency scoring dynamically scores application file system access patterns for reads and writes and compares to highest scoring applications in your environment.  Helps identify applications that do not use NAS data efficiently based wait time and application block requests

    3. SMB , NFS, HDFS protocol break down

    4. Netflix Mode - play ,pause, rewind, fast forward real-time performance data from the past

What's Coming Soon Search & Recover And Golden Copy 1.1.4

Key Features Search & Recover:

  1. Snapshot Only mode - This mode allows a folder that has a snapshot schedule configured to be added and indexed.  This will only index the snapshot data and not the file system path.

    1. This mode supports up to 25 snapshot paths

    2. A deep scan index can select any pre-existing snapshot name to tree walk the entire snapshot protected path and add to the index and then switch to incremental mode. This monitors for  new snapshots and merges only the differences into the index.

    3. Enables Recovery mode on multiple snapshot folders for backup administrators to search for files with file collision handling, restore and re-apply permissions with old and new file UNC path provided to the backup administrator or end user

    4. Supports end user restore portal with self search and recover from snapshots 

  2. New index engine version

    1. Faster Metadata indexing 

  3. Beta S3 Storage bucket Indexing​

    1. Index file metadata in AWS S3, Azure, Dell ECS​ (no content in this beta) to enable searching through object store data.

  4. File Pool Billing Tool enhancements for chargeback enhancements​

  5. Phone home Support for remote log collection and monitoring

Key Features Golden Copy:

  1. Recall Job to allow bulk data recall from Object back to File

    1. Same cluster or different cluster (no license key requirement on recalls)​

    2. Metadata reapply (permissions, owner and some data stamps)

    3. Single file recall

  2. Show Copy rate in MB/s web report

  3. Tree walk speed enhancement to use Search & Recover Distributed BFS Algorithm 

  4. Ability to add Include / Exclude path filters to skip copying specific paths or file types

  5. Golden Copy Phone Home for remote log collection and monitoring