What's new in StorageGRID 11.9
This release of StorageGRID introduces the following features and functional changes.
Scalability
Data-only Storage Nodes
To allow for more granular scaling, you can now install data-only Storage Nodes. Where metadata processing isn't critical, you can optimize your infrastructure cost-effectively. This flexibility helps accommodate varying workloads and growth patterns.
Cloud Storage Pool enhancements
IAM Roles Anywhere
StorageGRID now supports short term credentials using IAM Roles Anywhere in Amazon S3 for Cloud Storage Pools.
Using long-term credentials to access S3 buckets poses security risks if these credentials are compromised. Short-term credentials have a limited lifespan, which reduces the risk of unauthorized access.
S3 Object Lock buckets
You can now configure a Cloud Storage Pool using an Amazon S3 endpoint. S3 Object Lock helps prevent accidental or malicious deletion of objects. If you tier data from StorageGRID to Amazon S3, having object lock enabled on both systems enhances data protection across the data's lifecycle.
Multi-tenancy
Bucket limits
By setting limits on S3 buckets, you can prevent tenants from monopolizing capacity. Additionally, uncontrolled growth can result in unexpected costs. By having defined limits, you can better estimate tenant storage expenses.
5,000 buckets per tenant
To enhance scalability, StorageGRID now supports up to 5,000 S3 buckets per tenant. Each grid can have a maximum of 100,000 buckets.
To support 5,000 buckets, each Storage Node in the grid must have a minimum of 64 GB of RAM.
S3 Object Lock improvements
Per-tenant configuration capabilities provide the appropriate balance of flexibility and data security. You can now configure per-tenant retention settings to:
-
Allow or disallow compliance mode
-
Set a maximum retention period
Refer to:
S3 compatibility
x-amz-checksum-sha256 checksum
-
The S3 REST API now provides support for
x-amz-checksum-sha256
checksum. -
StorageGRID now provides SHA-256 checksum support for PUT, GET and HEAD operations. These checksums enhance data integrity.
Changes to S3 protocol support
-
Added support for Mountpoint for Amazon S3, which allows applications to connect directly to S3 buckets as if they were local file systems. You can now use StorageGRID with more applications and more use cases.
-
As part of adding support for Mountpoint, StorageGRID 11.9 contains additional changes to S3 protocol support.
Maintenance and Supportability
AutoSupport
AutoSupport now automatically creates hardware failure cases for legacy appliances.
Expanded node clone operations
Node clone usability has been expanded to support larger storage nodes.
Improved ILM handling of expired delete markers
ILM ingest time rules with a time period of Days now also remove expired object delete markers. Delete markers are only removed when a time period of Days has passed and the current delete maker has become expired (there are no non-current versions).
Improved node decommissioning
To provide a smooth and efficient transition to StorageGRID next-generation hardware, node decommissioning has been improved.
Syslog for load balancer endpoints
Load balancer endpoint access logs contain troubleshooting information, such as HTTP status codes. StorageGRID now supports exporting these logs to an external syslog server. This enhancement allows for more efficient log management and integration with existing monitoring and alerting systems.
Additional enhancements for maintenance and supportability
-
Metrics UI update
-
New operating system qualifications
-
Support for new third-party components
Security
SSH access keys rotation
Grid administrators can now update and rotate SSH keys. The ability to rotate SSH keys is a security best practice and a proactive defense mechanism.
Alerts for root logins
When an unknown entity signs in to the Grid Manager as root, an alert is triggered. Monitoring root SSH logins is a proactive step toward safeguarding your infrastructure.
Grid Manager enhancements
Erasure-coding profiles page moved
The Erasure-coding profiles page is now located at CONFIGURATION > System > Erasure coding. It used to be in the ILM menu.
Search enhancements
The search field in the Grid Manager now includes better matching logic, allowing you to find pages by searching for common abbreviations and by the names of certain settings within a page. You can also search for more types of items, like nodes, users, and tenant accounts.