What's new in StorageGRID 11.7
This release of StorageGRID introduces the following features and functional changes.
New features
Grid federation
You can configure a grid federation connection between two StorageGRID systems to clone tenant account information and replicate bucket objects between the grids for disaster recovery. See What is grid federation?, What is account clone, and What is cross-grid replication.
Improved read availability
The read-after-new-write (default) consistency control was improved to be more available. GET/HEAD requests for non-existent objects will succeed with up to one Storage Node offline at each site. Buckets are no longer required to be set to the Available consistency control for this scenario. For example, applications that check existence of an object before creation will properly function with read-after-new-write even during software upgrade when one Storage Node is offline.
Rename grid, sites, and nodes
A new maintenance procedure lets you change the display names that are shown throughout the Grid Manager. You can update display names safely and whenever you need. See Rename grid, sites, and nodes.
FabricPool and S3 setup wizard
The FabricPool and S3 setup wizard guides you through each step of configuring StorageGRID for use with ONTAP FabricPool or other S3 client application and produces a file you can use when entering required values in the other application. See Use FabricPool setup wizard and Use S3 setup wizard.
Related to this change, a banner is now displayed on the dashboard to remind new users to configure S3 endpoint domain names for S3 virtual-hosted-style requests and set up email notifications for alerts.
Firewall controls
The Firewall control page enables you to manage the external access of ports on nodes in your grid, and to define host addresses and IP subnets that are allowed access to closed ports. The new page also includes the untrusted Client Network settings, which now allow you to select additional ports you want open when untrusted Client Network is configured. See Configure internal firewall.
Enhanced security policies
You can now determine which protocols and ciphers are used to establish secure TLS connections with client applications and secure SSH connections to internal StorageGRID services. See Manage the TLS and SSH policy.
Load balancer endpoint changes
When configuring load balancer endpoints, you can now:
-
Allow all tenants to access the endpoint (default), or specify a list of allowed or blocked tenants to provide better security isolation between tenants and their endpoints.
-
Use the Node Type binding mode to require clients to use the IP address (or corresponding FQDN) of any Admin Node or the IP address of any Gateway Node, based on the type of node you select.
SGF6112 all-flash appliance
The new StorageGRID SGF6112 storage appliance features a compact design with compute controller and storage controller integrated into a 1U chassis. The appliance supports 12 SSD NVMe drives with a storage capacity of up to 15.3 TB per drive. The SSD drives are in a RAID that provides resilient object storage. See SGF6112 appliance: Overview.
Other Grid Manager enhancements
ILM enhancements
The improved ILM wizard makes it easier to specify filters, enter time periods and placements, and view retention diagrams. Erasure-coding profiles are created automatically when you select a storage pool and an EC scheme for a placement. For new StorageGRID 11.7 installations (not upgrades), a storage pool is automatically created for each site and the new 1 Copy Per Site default rule ensures that new multi-site installations will have site-loss protection by default. See Manage objects with ILM.
Customizable dashboard
You can now configure custom dashboards for the Grid Manager. See View and manage the dashboard.
Volume restoration UI
Storage volume restoration lets you restore object data if a storage volume fails. For StorageGRID 11.7, you can start volume restoration from Grid Manager in addition to the existing method of entering commands manually. Using Grid Manager is now the preferred method for restoring object data. See Restore object data using Grid Manager.
Upgrade and hotfix UI
When you upgrade to StorageGRID 11.7, you can apply the latest 11.7 hotfix at the same time. The StorageGRID upgrade page shows the recommended upgrade path and links directly to the correct download pages. See Perform upgrade.
Units for storage values
You can now select base 10 or base 2 units for the storage values displayed in the Grid Manager and Tenant Manager. Select the user drop-down in the upper right of the Grid Manager or Tenant Manager, then select User preferences.
Access MIB from Grid Manager
You can now access SNMP-compliant MIB files from the Grid Manager using the SNMP agent page. See Access MIB files.
Custom storage grades for new nodes
When you perform an expansion to add a new site or new Storage Nodes, you can now assign a custom storage grade to each new node. See Perform expansion.
Tenant Manager updates
Cross-grid replication
Tenant accounts that have permission to use a grid federation connection can clone tenant groups, users, and S3 keys from one grid to another and use cross-grid replication to replicate bucket objects between two grids. See Clone tenant groups and users and Manage cross-grid replication.
Delete all objects from bucket
Tenant Manager users can now delete all objects in a bucket, so the bucket can be deleted. See Delete objects in bucket.
S3 Object Lock default retention
Tenant Manager users can now enable and configure default retention when creating S3 Object Lock buckets. See Create an S3 bucket.
S3 updates
S3 Object Lock governance mode
When specifying the S3 Object Lock settings for an object or the default retention settings for a bucket, you can now use governance mode. This retention mode allows users with special permission to bypass certain retention settings. See Use S3 Object Lock to retain objects and Use S3 REST API to configure S3 Object Lock.
S3 group policy for ransomware mitigation
When added as the group policy for an S3 tenant account, the sample policy helps mitigate ransomware attacks. It prevents older object versions from being permanently deleted. See Create groups for an S3 tenant.
NewerNoncurrentVersions threshold for S3 buckets
The NewerNoncurrentVersions
action in the bucket lifecycle configuration specifies the number of noncurrent versions retained in a versioned S3 bucket. This threshold overrides lifecycle rules provided by ILM. See How objects are deleted.
S3 Select updates
S3 SelectObjectContent now offers support for Parquet objects. In addition, you can now use S3 Select with Admin and Gateway load balancer endpoints that are bare metal nodes running a kernel with cgroup v2 enabled. See S3 SelectObjectContent.
Other enhancements
Certificate subject optional
The certificate subject field is now optional. If this field is left blank, the generated certificate uses the first domain name or IP address as the subject common name (CN). See Manage security certificates.
ILM audit message category and new messages
An audit message category was added for ILM operations and includes the IDEL, LKCU, and ORLM messages. This new category is set to Normal. See ILM operations audit messages.
In addition, new audit messages were added to support new 11.7 functionality:
New alerts
The following new alerts were added for StorageGRID 11.7:
-
Appliance DAS drive fault detected
-
Appliance DAS drive rebuilding
-
Appliance fan fault detected
-
Appliance NIC fault detected
-
Appliance SSD critical warning
-
AutoSupport message failed to send
-
Cassandra oversize write error
-
Cross-grid replication permanent request failure
-
Cross-grid replication resources unavailable
-
Debug performance impact
-
Expiration of grid federation certificate
-
FabricPool bucket has unsupported bucket consistency setting
-
Firewall configuration failure
-
Grid federation connection failure
-
Storage appliance fan fault detected
-
Storage Node not in desired storage state
-
Storage volume needs attention
-
Storage volume needs to be restored
-
Storage volume offline
-
Trace configuration enabled
-
Volume Restoration failed to start replicated data repair
Documentation changes
-
A new quick reference summarizes how StorageGRID supports Amazon Simple Storage Service (S3) APIs. See Quick reference: Supported S3 API requests.
-
The new StorageGRID quick start lists the high-level steps for configuring and using a StorageGRID system and provides links to the relevant instructions.
-
The appliance hardware installation instructions were combined and consolidated for ease of use. A quick start was added as a high-level guide to hardware installation. See Quick start for hardware installation.
-
The maintenance instructions common to all appliance models were combined, consolidated, and moved to the maintenance section of the doc site. See Common node maintenance: Overview.
-
The maintenance instructions specific to each appliance model were also moved to the maintenance section: