What’s new in StorageGRID 11.6

Contributors netapp-madkat netapp-lhalbert netapp-pcelmer

This release of StorageGRID introduces the following features.

Usability enhancements

The Grid Manager user interface was substantially redesigned to improve the user experience.

  • A new sidebar replaces the pull-down menus in the old user interface.

  • Several menus were reorganized to keep related options together. For example, the CONFIGURATION menu includes a new Security section for the Certificates, Key management server, Proxy settings, and Untrusted Client Networks options.

  • A Search field in the header bar allows you to quickly navigate to Grid Manager pages.

  • The summary table on the Nodes page provides high-level information for all sites and nodes, such as object data used and object metadata used, and includes a new search field. Alert icons are displayed next to any nodes with active alerts.

  • New wizards guide you through more complex configurations, such as the workflows for admin groups, admin users, tenants, load balancer endpoints, and high availability (HA) groups.

  • All UI pages were restyled with updated fonts, button styles, and table formats.

    Note Unless there was a functional change, the screenshots in the StorageGRID 11.6 Doc Site were not updated to reflect the new Grid Manager page styling.

See the following:

Multiple VLAN interfaces

You can now create virtual LAN (VLAN) interfaces for Admin Nodes and Gateway Nodes. You can use VLAN interfaces in HA groups and load balancer endpoints to isolate and partition client traffic for security, flexibility, and performance.

  • The new Create a VLAN interface wizard guides you through the process of entering a VLAN ID and choosing a parent interface on one or more nodes. A parent interface can be the Grid Network, the Client Network, or an additional trunk interface for the VM or bare-metal host. See Configure VLAN interfaces.

  • You can now add extra trunk or access interfaces to a node. If you add a trunk interface, you must configure a VLAN interface. If you add an access interface, you can add the interface directly to an HA group; you do not need to configure a VLAN interface. See the following:

Can use Azure AD for identity federation

You can now select Azure Active Directory (Azure AD) as the identity source when configuring identity federation for the Grid Manager or the Tenant Manager. See Use identity federation.

Can use Azure AD and PingFederate for SSO

You can now select Azure AD or PingFederate as the SSO type when configuring single sign-on (SSO) for your grid. You can then use sandbox mode to configure and test the Azure AD enterprise applications or PingFederate service provider (SP) connections to each StorageGRID Admin Node. See Configure single sign-on.

Centralized certificate management

  • The new Certificates page (CONFIGURATION > Security > Certificates) consolidates information about all StorageGRID security certificates to a single location. You can manage StorageGRID global, grid CA, and client certificates from the new page or view information about other certificates, such as those used for load balancer endpoints, tenants, and identity federation. See About security certificates.

  • As part of this change, the following global certificates were renamed:

    • The Management Interface Server Certificate is now the Management interface certificate.

    • The Object Storage API Service Endpoints Server Certificate (also called the Storage API Server Certificate) is now the S3 and Swift API certificate.

    • The Internal CA Certificate, System CA Certificate, CA Certificate, and Default CA certificate are now consistently referred to as the Grid CA certificate.

Other Grid Manager enhancements

  • Updates to high availability (HA) groups. A wizard now guides you through the process of creating an HA group. See Configure high availability groups.

    • In addition to selecting interfaces on the Grid Network (eth0) or Client Network (eth2), you can now select VLAN interfaces or any access interfaces you have added to the node.

    • You can now specify a priority order for the interfaces. You can choose the primary interface and rank each backup interface in order.

    • If any S3, Swift, administrative, or tenant clients will access the VIP addresses for the HA group from a different subnet, you can now provide the IP address for the gateway.

  • Updates to load balancer endpoints. A new wizard guides you through the process of creating a load balancer endpoint. See Configure load balancer endpoints.

    • You now select the client type (S3 or Swift) when you first create the endpoint, instead of adding this detail after the endpoint is created.

    • You can now use the global StorageGRID S3 and Swift certificate for a load balancer endpoint instead of uploading or generating a separate certificate.

      Note This global certificate was previously used for connections to the deprecated CLB service and to Storage Nodes. If you want to use the global certificate for a load balancer endpoint, you must upload a custom certificate on the S3 and Swift API certificate page.

New Tenant Manager features

  • New Experimental S3 Console. Available as a link from the Buckets page in Tenant Manager, the new experimental S3 Console lets S3 tenant users view and manage the objects in their buckets. See Use Experimental S3 Console.

Important The experimental S3 Console has not been fully tested and is not intended for bulk management of objects or for use in a production environment. Tenants should only use S3 Console when performing functions for a small number of objects or when using proof-of-concept or non-production grids.
  • Can delete multiple S3 buckets. Tenant users can now delete more than one S3 bucket at a time. Each bucket that you want to delete must be empty. See Delete S3 bucket.

  • Updates to Tenant accounts permission. Admin users who belong to a group with the Tenant accounts permission can now view existing traffic classification policies. Previously, users were required to have Root access permission to view these metrics.

New upgrade and hotfix process

External syslog server support

  • You can now configure an external syslog server if you want to save and manage audit messages and a subset of StorageGRID logs remotely (CONFIGURATION > Monitoring > Audit and syslog server). After an external syslog server is configured, you can save audit messages and certain log files locally, remotely, or both. By configuring the destinations of your audit information, you can reduce network traffic on your Admin Nodes. See Configure audit messages and log destinations.

  • Related to this functionality, new check boxes on the Logs page (SUPPORT > Tools > Logs) allow you to specify which types of logs you want to collect, such as certain application logs, audit logs, logs used for network debugging, and Prometheus database logs. See Collect log files and system data.

S3 Select

You can now optionally allow S3 tenants to issue SelectObjectContent requests to individual objects. S3 Select provides an efficient way to search through large amounts of data without having to deploy a database and associated resources to enable searches. It also reduces the cost and latency of retrieving data. See Manage S3 Select for tenant accounts and Use S3 Select.

Grafana charts for S3 Select operations were also added. See Review support metrics.

S3 Object Lock default bucket retention period

When using S3 Object Lock, you can now specify a default retention period for the bucket. The default retention period applies to any objects added to the bucket that do not have their own retention settings. See Use S3 Object Lock.

Google Cloud Platform support

You can now use the Google Cloud Platform (GCP) as an endpoint for Cloud Storage Pools and the CloudMirror platform service. See Specify the URN for a platform services endpoint and Create a Cloud Storage Pool.

AWS C2S support

You can now use AWS Commercial Cloud Services (C2S) endpoints for CloudMirror replication. See Create platform services endpoint.

Other S3 changes

  • GET Object and HEAD Object support for multipart objects. Previously, StorageGRID did not support the partNumber request parameter in GET Object or HEAD Object requests. You can now issue GET and HEAD requests to retrieve a specific part of a multipart object. GET and HEAD Object also support the x-amz-mp-parts-count response element to indicate how many parts an object has.

  • Changes to "Available" consistency control. The “Available” consistency control now behaves the same as the “read-after-new-write” consistency level, but provides eventual consistency for HEAD and GET operations. The “Available” consistency control offers higher availability for HEAD and GET operations than “read-after-new-write” if Storage Nodes are unavailable. Differs from Amazon S3 consistency guarantees for HEAD and GET operations.

Performance enhancements

  • Storage Nodes can support 2 billion objects. The underlying directory structure on Storage Nodes was optimized for better scalability and performance. Storage Nodes now use additional subdirectories to store up to two billion replicated objects and to maximize performance. Node subdirectories are modified when you upgrade to StorageGRID 11.6, but existing objects are not redistributed to the new directories.

  • ILM-driven delete performance increased for high-performance appliances. The resources and throughput used to perform ILM delete operations now adapt to the size and capability of each StorageGRID appliance node. For SG5600 appliances, the throughput is the same as for StorageGRID 11.5. For SG5700 appliances, small improvements were made to ILM delete performance. For SG6000 appliances, which have more RAM and more CPUs, ILM deletes are now processed much more quickly. The improvements are especially noticeable on all-flash SGF6024 appliances.

  • Storage volume watermarks optimized. In previous releases, the settings of the three Storage Volume Watermarks applied to every storage volume on every Storage Node. StorageGRID can now optimize these watermarks for each storage volume, based on the size of the Storage Node and the relative capacity of the volume. See What are storage volume watermarks.

    Optimized watermarks are automatically applied to all new and most upgraded StorageGRID 11.6 systems. The optimized watermarks will be larger than the previous default settings.

    If you use custom watermarks, the Low read-only watermark override alert might be triggered after you upgrade. This alert lets you know if your custom watermark settings are too small. See Troubleshoot Low read-only watermark override alerts.

    As part of this change, two Prometheus metrics were added:

    • storagegrid_storage_volume_minimum_optimized_soft_readonly_watermark

    • storagegrid_storage_volume_maximum_optimized_soft_readonly_watermark

  • Maximum allowed metadata space increased. The maximum allowed metadata space for Storage Nodes was increased to 3.96 TB (from 2.64 TB) for higher-capacity nodes, which are nodes with an actual reserved space for metadata of more than 4 TB. This new value allows more object metadata to be stored on certain Storage Nodes and can increase StorageGRID metadata capacity by up to 50%.

    Note If you have not already done so, and if your Storage Nodes have enough RAM and sufficient space on volume 0, you can manually increase the Metadata Reserved Space setting up to 8 TB after you install or upgrade.

Enhancements to maintenance procedures and support tools

  • Can change node console passwords. You now can use the Grid Manager to change node console passwords (CONFIGURATION > Access control > Grid passwords). These passwords are used to log in to a node as “admin” using SSH, or to the root user on a VM/physical console connection. See Change node console passwords.

  • New Object existence check wizard. You can now verify object integrity with an easy-to-use Object existence check wizard (MAINTENANCE > Tasks > Object existence check), which replaces the foreground verification procedure. The new procedure takes one third of the time or less to complete and can verify multiple nodes at the same time. See Verify object integrity.

  • "Estimated time to completion" chart for EC rebalance and EC repair jobs. You can now view the estimated time to completion and the completion percentage for a current EC rebalance or EC repair job.

  • Estimated percent complete for replicated data repairs. You can now add the show-replicated-repair-status option to the repair-data command to see an estimated percent completion for a replicated repair.

    Important The show-replicated-repair-status option is available for technical preview in StorageGRID 11.6. This feature is under development, and the value returned might be incorrect or delayed. To determine if a repair is complete, continue to use Awaiting - All, Repairs Attempted (XRPA), and Scan Period — Estimated (XSCM) as described in the recovery procedures.
  • The results on the Diagnostics page (SUPPORT > Tools > Diagnostics) are now sorted by severity and then alphabetically.

  • Prometheus and Grafana were updated to newer versions with modified interfaces and charts. As part of this change, the labels in some metrics were changed.

    • If you have custom queries that used the labels from node_network_up, you should now use the labels from node_network_info instead.

    • If you also used the label name interface from any of the node_network metrics, you should now use the the device label instead.

  • Previously, Prometheus metrics were stored on Admin Nodes for 31 days. Now, metrics are stored until the space reserved for Prometheus data is full, which can significantly increase how long historical metrics are available.

    When the /var/local/mysql_ibdata/ volume reaches capacity, the oldest metrics are deleted first.

Installation enhancements

  • You now have the option to use Podman as a container during the installation of Red Hat Enterprise Linux. Previously, StorageGRID only supported a Docker container.

  • The API schemas for StorageGRID are now included in the installation archives for the RedHat Enterprise Linux/CentOS, Ubuntu/Debian, and VMware platforms. After extracting the archive, you can find the schemas in the /extras/api-schemas folder.

  • The BLOCK_DEVICE_RANGEDB key in the node configuration file for bare-metal deployments should now contain three digits instead of two. That is, instead of BLOCK_DEVICE_RANGEDB_nn, you should specify BLOCK_DEVICE_RANGEDB_nnn.

    For compatibility with existing deployments, two-digit keys are still supported for upgraded nodes.

  • You can optionally add one or more instances of the new INTERFACES_TARGET_nnnn key to the node configuration file for bare-metal deployments. Each key provides the name and description of a physical interface on the bare-metal host, which will be displayed on the VLAN interfaces page and the HA groups page.

New alerts

The following new alerts were added for StorageGRID 11.6:

  • Audit logs are being added to the in-memory queue

  • Cassandra table corruption

  • EC rebalance failure

  • EC repair failure

  • EC repair stalled

  • Expiration of global server certificate for S3 and Swift API

  • External syslog CA certificate expiration

  • External syslog client certificate expiration

  • External syslog server certificate expiration

  • External syslog server forwarding error

  • Identity federation synchronization failure for a tenant

  • Legacy CLB load balancer activity detected

  • Logs are being added to the on-disk queue

  • Low read-only watermark override

  • Low tmp directory free space

  • Object existence check failed

  • Object existence check stalled

  • S3 PUT Object size too large

See the Alerts reference.

Changes to audit messages

  • A new BUID field was added to the ORLM: Object Rules Met audit message. The BUID field shows the bucket ID, which is used for internal operations. The new field appears only if the message status is PRGD.

  • A new SGRP field was added to the following audit messages. The SGRP field is present only if an object was deleted at a different site than where it was ingested.

    • IDEL: ILM Initiated Delete

    • OVWR: Object Overwrite

    • SDEL: S3 DELETE

    • WDEL: Swift DELETE

StorageGRID documentation changes

The look and feel of the StorageGRID 11.6 documentation site has been modified and now uses GitHub as the underlying platform.

NetApp appreciates feedback on content and encourages users to take advantage of the new “Request doc changes” function available on every page of the product documentation. The documentation platform also offers an embedded content contribution function for GitHub users.

Take a look and contribute to this documentation. You can edit, request a change, or simply send feedback.