VNX Events and Retention Suite Fundamentals

Welcome to VNX Events and Retention Suite Fundamentals.
Copyright 2015 EMC Corporation. All Rights Reserved. Published in the USA. EMC believes the information in this publication is accurate
as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. The trademarks,
logos, and service marks (collectively "Trademarks") appearing in this publication are the property of EMC Corporation and other parties.
Nothing contained in this publication should be construed as granting any license or right to use any Trademark without the prior written
permission of the party that owns the Trademark.
EMC, EMC AccessAnywhere Access Logix, AdvantEdge, AlphaStor, AppSync ApplicationXtender, ArchiveXtender, Atmos, Authentica,
Authentic Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Bus-Tech, Captiva, Catalog Solution, CClip, Celerra, Celerra Replicator, Centera, CenterStage, CentraStar, EMC CertTracker. CIO Connect, ClaimPack, ClaimsEditor, Claralert
,cLARiiON, ClientPak, CloudArray, Codebook Correlation Technology, Common Information Model, Compuset, Compute Anywhere,
Configuration Intelligence, Configuresoft, Connectrix, Constellation Computing, EMC ControlCenter, CopyCross, CopyPoint, CX, DataBridge
, Data Protection Suite. Data Protection Advisor, DBClassify, DD Boost, Dantz, DatabaseXtender, Data Domain, Direct Matrix Architecture,
DiskXtender, DiskXtender 2000, DLS ECO, Document Sciences, Documentum, DR Anywhere, ECS, elnput, E-Lab, Elastic Cloud Storage,
EmailXaminer, EmailXtender , EMC Centera, EMC ControlCenter, EMC LifeLine, EMCTV, Enginuity, EPFM. eRoom, Event Explorer, FAST,
FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, Greenplum, HighRoad, HomeBase,
Illuminator , InfoArchive, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, ISIS,Kazeon, EMC LifeLine, Mainframe
Appliance for Storage, Mainframe Data Library, Max Retriever, MCx, MediaStor , Metro, MetroPoint, MirrorView, Multi-Band
Deduplication,Navisphere, Netstorage, NetWorker, nLayers, EMC OnCourse, OnAlert, OpenScale, Petrocloud, PixTools, Powerlink,
PowerPath, PowerSnap, ProSphere, ProtectEverywhere, ProtectPoint, EMC Proven, EMC Proven Professional, QuickScan, RAPIDPath, EMC
RecoverPoint, Rainfinity, RepliCare, RepliStor, ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager,
ScaleIO Smarts, EMC Snap, SnapImage, SnapSure, SnapView, SourceOne, SRDF, EMC Storage Administrator, StorageScope, SupportMate,
SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, TwinStrata, UltraFlex, UltraPoint, UltraScale,
Unisphere, Universal Data Consistency, Vblock, Velocity, Viewlets, ViPR, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning,
Virtualize Everything, Compromise Nothing, Virtuent, VMAX, VMAXe, VNX, VNXe, Voyence, VPLEX, VSAM-Assist, VSAM I/O PLUS, VSET,
VSPEX, Watch4net, WebXtender, xPression, xPresso, Xtrem, XtremCache, XtremSF, XtremSW, XtremIO, YottaYotta, Zero-Friction Enterprise
Storage.
Revision Date: Jauary 2015
Revision Number: MR-1WP-VNXSECFD
Copyright 2015 EMC Corporation. All rights reserved.
VNX Events and Retention Suite Fundamentals
This course covers the EMC VNX Events and Retention Suite. It introduces the components of
that suite - File Level Retention and EMC Common Event Enabler and the benefits,
function, and operation of each.
This module introduces the VNX Events and Retention Suite. The components that make up
the suite are introduced, and the benefits of the suite are listed.
These are the software suites available for the VNX storage systems. These suites each
contain a unique set of solutions to improve efficiency by simplifying and automating many
storage tasks.
<click> This training will focus on the VNX Events and Retention Suite. The VNX Events and
Retention Suite is used for protecting data and reporting VNX events.
The VNX Events and Retention Suite offers solutions that protect File data from modification
or deletion, and integrate with 3rd party management tools. Each component will be
discussed separately.
The VNX Events and Retention Suite (also sold as part of the Total Efficiency Pack) provides a
number of complementary tools that help secure the modern data center.
File Level Retention (FLR): FLR is a capability available to VNX for File that protects files from
modification and deletion until a user specified date. FLR enables customers to create a
permanent, unalterable set of files and directories, and ensures the integrity of the data. At
the NAS level this effectively provides what is traditionally known as Write Once Read Many
(WORM) access. It also includes tools to help users manage FLR automatically. FLR includes 2
versions, an enterprise version (FLR-E) allowing for self governance and a compliance version
(FLR-C) that meets compliance rules such as SEC 17a-4(f).
EMC Common Event Enabler (CEE): CEE provides an integration point between third party
storage management tools and VNX for File. CEE provides an alerting facility that allows third
party applications to take actions based on NAS client activity on the VNX. For example, CEE
supports 3rd party anti-virus engines; when a client attempts to save a file, the VNX system
will indicate to the AV engine that the file needs to be checked for viruses.
The VNX Events and Retention Suite helps businesses protect their data.
WORM-like functionality in FLR allows files to be saved in an unmodified state for
a user-determined period of time. The files can only be modified or removed
once that time period expires. This functionality meets SEC Rule 17a4(f) security
requirements.
CEE allows integration of VNX systems and 3rd party management products by
reporting VNX events. This reporting can then trigger external actions, such as
an anti-virus scan.
This module covered the overview of the VNX Events and Retention Suite, and listed its
components.
This module introduces VNX File Level Retention. The features, function, and configuration of
VNX File Level Retention are covered.
There are two different File Level Retention options available: Enterprise (FLR-E) and
Compliance (FLR-C).
FLR-E allows for businesses to practice good governance practices. It protects data
content from changes made by users through CIFS, NFS, and FTP, while allowing a
VNX Administrator to delete an FLR-E-enabled file system, although a system warning
will appear and the action requires confirmation. Retention periods are set on a perfile basis and are managed at the file level.
FLR-C enables SEC Rule 17a4(f) requirements to be met. It offers the features of FLRE, and protects data content from changes made by users, including the
administrator, through CIFS, NFS, and FTP. An FLR-C-enabled file system cannot be
deleted if it has files in the locked state on it. It also provides hard retention default
periods (default is infinite) for files without retention dates and provides for writeverification with a checksum.
In both FLR-E- and FLR-C-enabled file systems, files that are in the locked state cannot be
modified or deleted. The path to a file in the locked state is also protected from
modification, which means a directory on a File Level Retention-enabled file system cannot
be renamed or deleted while it contains protected files.
All three file system typesnon-File Level Retention file systems (normal file systems that
are not locked by FLR), FLR-E, and FLR-Ccan coexist. The usage license for FLR applies to
both FLR-E and FLR-C.
10
Here are some File Level Retention features.

Tamper-proof clockThe File Level Retention clock is a one-time, settable, tamper-proof clock that is
maintained for each file system. The file system's File Level Retention clock value is initialized by
synchronizing it with the current VNX Data Mover system time when the file system is first mounted
on a Data Mover. The tamper-roof clock is used for all File Level Retention time comparisons and is
maintained separately from the system clock so that changes in the system clock time cannot be used
to fool the Data Mover into allowing the deletion of retained files.
Activity loggingThe activity logging provides a log of all File Level Retention-related activity in each
File Level Retention file system. This activity log is applicable to both the FLR-E and FLR-C options.
The following events are logged to the activity log:
APPEND_ONLY file created

File set to WORM (protected) state
Retention period extended on a WORM or EXPIRED file
Attempt to make a WORM or EXPIRED file writable
Deletion or attempted deletion of a protected (WORM, EXPIRED, APPEND_ONLY) file
And the information captured includes:
Time of event (system time)
Action (create APPEND_ONLY file, etc.)

The identification of the user who performed or attempted the action
Data verificationThis is only applicable to an FLR-C file system and is not enabled by default.
All data writes are verified by reading the data back

Writes to the production FLR-C file system and to local and remote replicas are verified; this
means that both VNX SnapSure and VNX Replicator provide compliant copies, replicas, and
backups of FLR-C file systems
11
File Level Retention allows you to set file-based permissions on a file system to limit write
access for a specified retention period. File Level Retention is enabled on a specified file
system at creation time. When a new file system is created and enabled for file-level
retention, it is always marked as a File Level Retention-enabled file system. After a file
system is created and enabled with File Level Retention, you can apply protection on a perfile basis.
A file in an File Level Retention-enabled file system is always in one of four possible states
based on the file last access time and read-only status - not locked, locked, append (only), or
expired. A file that is not locked is treated exactly as a file in a file system that is not enabled
for File Level Retention; it can be renamed, modified, or deleted. You manage files in the
locked state by setting retention dates that, until the dates have passed, prevent the files
from being modified or deleted.
12
As noted previously, files may be in one of four states:
Not-lockedNormal file
Locked (WORM)File Level Retention-enabled files; files cannot be deleted,
renamed, modified, or appended to
AppendFiles cannot be deleted or renamed; existing data cannot be modified, but

new data can be added
ExpiredFiles cannot be renamed, modified, or appended to, but can be deleted or

relocked
Transitions from one state to another occur as shown:
Non-File Level Retention-enabled files

Set retention date/time (atime [access time]) and make file read-only; file is
committed to a locked state (i.e., it becomes a File Level Retention file)
Increase file retention date/time (atime) where atime is greater than current File
Level Retention clock time
File retention date/time (atime) becomes greater than current File Level Retention
clock time; the file is then expired
If the file is locked, it can become APPEND_ONLY state, where new data can be added
(e.g., log files)
File must be expired to be deleted
13
This module covered VNX File Level Retention. File Level Retention protects files from
deletion or modification for a user-determined time period.
14
This module introduces CEE. The benefits and operation of CEE are discussed.
15
The Events and Retention Suite offers CEE functionality to VNX for File platforms. CEE is an
alerting framework that contains the following facilities and is used to provide a working
environment for these facilities:
The CEE Common Anti-Virus Agent (CAVA) provides an anti-virus solution to clients using a
VNX system. It uses the industry-standard CIFS protocol in a Microsoft Windows domain. The
anti-virus agent uses third-party anti-virus software to identify and eliminate known viruses
before they infect files on the storage system.
The CEE Common Event Publishing Agent (CEPA) implements a mechanism whereby
applications can register to receive event notification and context from the VNX. CEPA
delivers to the consuming application both event notification and associated context
(file/directory metadata needed to make a business policy decision) in one message.
While the CEE framework includes both CAVA and CEPA, they can run independently.
16
The benefits of the CEE framework include:
High availability multiple hosts may be configured

Scalable as your environment grows
Provides load balancing across application servers
Supports heterogeneous anti-virus engines in your environment
Integrated with the top anti-virus, quota management, and auditing vendors
Protects your NAS file environment

The CEE framework allows integration to new applications as required e.g. content
management
17
Function When a file is written and saved (scan on update) or read for the first time (scan
on read), VNX places a block on that file until virus checking has been performed. It
immediately issues a request to a virus-checking engine. This could be a single engine or
many, depending on the volume of data being protected. On receipt of the request, the
virus-checking server performs a standard check on the file. Standard virus checkers request
only a small amount of data (signatures of a few kilobytes each) to establish the presence of
a virus, so the overhead is relatively small. In the case of compressed files, the entire file
must be shipped across the network. In heavy-load environments, a dedicated network
interface can be used for the virus-checking server farm. If a virus is detected, the user and
the Administrator will see a customizable pop-up message.
The scan-on-read functionality is triggered when a file that was last scanned before a set
access time is opened for read. This access time is typically set when a new virus-definition
file is loaded. You may also wish, under certain circumstances, to run anti-virus in scan-onread modefor instance, after a restore of data that may be infected with a latent virus, or
following migration from a general-purpose server onto an VNX system.
Scalability You can scale the solution by adding virus-checking servers as required. Your
server vendors should be able to provide you with an understanding of how many dedicated
servers you would need. You can also use different server types concurrently, as per their
original anti-virus implementation. The performance of anti-virus solutions tends to be
measured in server overhead, and depends on application and workload.
Partnerships CAVA supports the anti-virus vendors listed on the slide. Utilizing CEE is the
only method for performing virus checking on VNX shares. CEE allows VNX to integrate with
industry-leading anti-virus applications.
18
CEPA uses the CEE framework.

The CEE alerts the agents on file and directory actions. Multiple agents can be deployed for
high availability.
The CEE is Windows (CIFS)-based and is available concurrently with anti-virus integration on
each server that runs the CEE license.
Auditing applications monitor and report all key actions performed on computer and storage
systems to identify changes that may be malicious as well as which may relate to system
availability issues, thereby improving system availability. Auditing for CIFS events and for NFS
events is supported.
19
The VNX Google Search Appliance Connector provides VNX storage system integration with
the Google Search Appliance. As a result, the Google Search Appliance indexing of new and
changed content can be reduced from hours to minutes, providing more up-to-date search
results for end users and improved decision making.
The VNX Google Search Appliance Connector is an add-on to the CEE software found in the
Events and Retention Suite.
20
This module covered the Common Event Enabler, and its support for antivirus operations as
well as integration with third-party management and auditing applications.
21
This course covered the VNX Events and Retention Suite, and the benefits it confers in
business environments.
This concludes the training. Proceed to the course assessment on the next slide.
22
25

VNX Events and Retention Suite Fundamentals

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

VNX Events and Retention Suite Fundamentals

Hochgeladen von

Copyright:

Verfügbare Formate

Welcome to VNX Events and Retention Suite Fundamentals.

Copyright 2015 EMC Corporation. All rights reserved.