What's new in StorageGRID 11.5

StorageGRID 11.5 introduces S3 Object Lock, support for KMIP encryption of data, usability improvements to ILM, a redesigned Tenant Manager user interface, support for decommissioning a StorageGRID site, and an appliance node clone procedure.

S3 Object Lock for compliant data

The S3 Object Lock feature in StorageGRID 11.5 is an object-protection solution that is equivalent to S3 Object Lock in Amazon Simple Storage Service (Amazon S3). You can enable the global S3 Object Lock setting for a StorageGRID system to allow S3 tenant accounts to create buckets with S3 Object Lock enabled. The tenant can then use an S3 client application to optionally specify retention and legal hold settings for the objects in those buckets.

S3 Object Lock lets tenant users comply with regulations that require certain objects to be retained for a fixed amount of time or indefinitely.

Managing objects with information lifecycle management

Implementing S3 client applications

Using tenant accounts

KMS encryption key management

You can now configure one or more external key management servers (KMS) in the Grid Manager to provide encryption keys to StorageGRID services and storage appliances. Each KMS or KMS cluster uses the Key Management Interoperability Protocol (KMIP) to provide an encryption key to the appliance nodes at the associated StorageGRID site. After the appliance volumes are encrypted, you cannot access any data on the appliance unless the node can communicate with the KMS.

Note: If you want to use encryption key management, you must use the StorageGRID Appliance Installer to enable the Node Encryption setting for the appliance before you add the appliance to the grid.

Administering StorageGRID

Usability enhancements for information lifecycle management (ILM)

Managing objects with information lifecycle management

Enhancements to the Grid Manager

Administering StorageGRID

Enhancements to the Tenant Manager

Using tenant accounts

Client certificates for Prometheus metrics export

You can now upload or generate client certificates (Configuration > Access Control > Client Certificates), which can be used to provide secure, authenticated access to the StorageGRID Prometheus database. For example, you can use client certificates if you need to monitor StorageGRID externally using Grafana.

Administering StorageGRID

Load balancer enhancements

Administering StorageGRID

Object metadata changes

Administering StorageGRID

Changes to S3 REST API support

Implementing S3 client applications

Maximum size for CloudMirror objects increased to 5 TB

The maximum size for objects that can be replicated to a destination bucket by the CloudMirror replication service was increased to 5 TB, which is the maximum object size supported by StorageGRID.

Implementing S3 client applications

Implementing Swift client applications

New alerts added

The following new alerts were added for StorageGRID 11.5:
  • Appliance BMC communication error
  • Appliance Fibre Channel fault detected
  • Appliance Fibre Channel HBA port failure
  • Appliance LACP port missing
  • Cassandra auto-compactor error
  • Cassandra auto-compactor metrics out of date
  • Cassandra compactions overloaded
  • Disk I/O is very slow
  • KMS CA certificate expiration
  • KMS client certificate expiration
  • KMS configuration failed to load
  • KMS connectivity error
  • KMS encryption key name not found
  • KMS encryption key rotation failed
  • KMS is not configured
  • KMS key failed to decrypt an appliance volume
  • KMS server certificate expiration
  • Low free space for storage pool
  • Node network reception frame error
  • Services appliance storage connectivity degraded
  • Storage appliance storage connectivity degraded (previously named Appliance storage connectivity degraded)
  • Tenant quota usage high
  • Unexpected node reboot

Monitoring and troubleshooting StorageGRID

TCP support for SNMP traps

You can now select Transmission Control Protocol (TCP) as the protocol for SNMP trap destinations. Previously, only the User Datagram Protocol (UDP) protocol was supported.

Monitoring and troubleshooting StorageGRID

Installation and networking enhancements

Red Hat Enterprise Linux or CentOS installation

Ubuntu or Debian installation

Support for rebalancing erasure-coded (EC) data after Storage Node expansion

The EC rebalance procedure is a new command-line script that might be required after you add new Storage Nodes. When you perform the procedure, StorageGRID redistributes erasure-coded fragments among the existing and the newly expanded Storage Nodes at a site.

Attention: You should only perform the EC rebalance procedure in limited cases. For example, if you cannot add the recommended number of Storage Nodes in an expansion, you can use the EC rebalance procedure to allow additional erasure-coded objects to be stored.
Expanding a StorageGRID system

New and revised maintenance procedures

Recovery and maintenance

Changes to StorageGRID appliances

SG100 and SG1000 appliance installation and maintenance

SG6000 appliance installation and maintenance

SG5700 appliance installation and maintenance

SG5600 appliance installation and maintenance

Changes to audit messages

Understanding audit messages

New nms.requestlog file

A new log file, /var/local/log/nms.requestlog, is maintained on all Admin Nodes. This file contains information about outgoing connections from the Management API to internal StorageGRID services.

Monitoring and troubleshooting StorageGRID

StorageGRID documentation changes