ECS Administration Guide - Dell Technologies


ECS
Version 3.4.0.1
Administration Guide
302-999-901
02
February 2020

Copyright 2019-2020 Dell Inc. or its subsidiaries. All rights reserved.

Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.” DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners. Published in the USA.

Dell EMC
Hopkinton, Massachusetts 01748-9103
1-508-435-1000 In North America 1-866-464-7381
www.DellEMC.com

CONTENTS

Figures
Tables

Chapter 1  Overview
    Introduction
    ECS platform
    ECS data protection
    Configurations for availability, durability, and resilience
    ECS network
    Load balancing considerations

Chapter 2  Getting Started with ECS
    Initial configuration
    Log in to the ECS Portal
    View the Getting Started Task Checklist
    View the ECS Portal Dashboard
    Upper-right menu bar
    View requests
    View capacity utilization
    View performance
    View storage efficiency
    View geo monitoring
    View node and disk health
    View alerts

Chapter 3  Storage Pools, VDCs, and Replication Groups
    Introduction to storage pools, VDCs, and replication groups
    Working with storage pools in the ECS Portal
    Create a storage pool
    Edit a storage pool
    Working with VDCs in the ECS Portal
    Create a VDC for a single site
    Add a VDC to a federation
    Edit a VDC
    Remove VDC from a Replication Group
    Fail a VDC (PSO)
    Guidelines to check failover and bootstrap process
    Working with replication groups in the ECS Portal
    Create a replication group
    Edit a replication group

Chapter 4  Authentication Providers
    Introduction to authentication providers
    Working with authentication providers in the ECS Portal
    Considerations when adding Active Directory authentication providers
    AD or LDAP authentication provider settings
    Add an AD or LDAP authentication provider
    Add a Keystone authentication provider

Chapter 5  Namespaces
    Introduction to namespaces
    Namespace tenancy
    Working with namespaces in the ECS Portal
    Namespace settings
    Create a namespace
    Edit a namespace
    Delete a namespace

Chapter 6  Users and Roles
    Introduction to users and roles
    Users in ECS
    Management users
    Default management users
    Object users
    Domain and local users
    User scope
    User tags
    Management roles in ECS
    System Administrator
    System Monitor
    Namespace Administrator
    Lock Administrator
    Tasks performed by role
    Working with users in the ECS Portal
    Add an object user
    Add a domain user as an object user
    Add domain users into a namespace
    Create a local management user or assign a domain user or AD group to a management role
    Assign the Namespace Administrator role to a user or AD group

Chapter 7  Buckets
    Introduction to buckets
    Working with buckets in the ECS Portal
    Bucket settings
    Create a bucket
    Edit a bucket
    Set ACLs
    Set bucket policies
    Create a bucket using the S3 API (with s3curl)
    Bucket HTTP headers
    Bucket, object, and namespace naming conventions
    S3 bucket and object naming in ECS
    OpenStack Swift container and object naming in ECS
    Atmos bucket and object naming in ECS
    CAS pool and object naming in ECS
    Disable unused services

Chapter 8  File Access
    Introduction to file access
    ECS multi-protocol access
    S3/NFS multi-protocol access to directories and files
    Multi-protocol access permissions
    Working with NFS exports in the ECS Portal
    Working with user/group mappings in the ECS Portal
    ECS NFS configuration tasks
    Create a bucket for NFS using the ECS Portal
    Add an NFS export using the ECS Portal
    Add a user or group mapping using the ECS Portal
    Configure ECS NFS with Kerberos security
    Mount an NFS export example
    Best practices for mounting ECS NFS exports
    NFS access using the ECS Management REST API
    NFS WORM (Write Once, Read Many)
    S3A support
    Configuration at ECS
    Configuration at Ambari Node
    Geo-replication status

Chapter 9  Certificates
    Introduction to certificates
    Generate certificates
    Create a private key
    Generate a SAN configuration
    Create a self-signed certificate
    Create a certificate signing request
    Upload a certificate
    Authenticate with the ECS Management REST API
    Upload a management certificate
    Upload a data certificate for data access endpoints
    Add custom LDAP certificate
    Verify installed certificates
    Verify the management certificate
    Verify the object certificate

Chapter 10  ECS Settings
    Introduction to ECS settings
    Object base URL
    Bucket and namespace addressing
    DNS configuration
    Add a Base URL
    Key Management
    Native Key Management
    External Key Management
    External Key Manager Configuration
    Key Rotation
    EMC Secure Remote Services
    ESRS prerequisites
    Add an ESRS Server
    Verify that ESRS call home works
    Disable call home
    Alert policy
    New alert policy
    Event notification servers
    SNMP servers
    Syslog servers
    Platform locking
    Lock and unlock nodes using the ECS Portal
    Lock and unlock nodes using the ECS Management REST API
    Licensing
    Obtain the Dell EMC ECS license file
    Upload the ECS license file
    Security
    Password
    Password Rules
    Sessions
    User Agreement
    About this VDC

Chapter 11  ECS Outage and Recovery
    Introduction to ECS site outage and recovery
    TSO behavior
    TSO behavior with the ADO bucket setting turned off
    TSO behavior with the ADO bucket setting turned on
    TSO considerations
    NFS file system access during a TSO
    PSO behavior
    Recovery on disk and node failures
    NFS file system access during a node failure
    Data rebalancing after adding new nodes

Chapter 12  Advanced Monitoring
    Advanced Monitoring
    View Advanced Monitoring Dashboards
    Share Advanced Monitoring Dashboards
    Flux API
    List of metrics for performance-related data
    Dashboard API's to be deprecated or changed in the next release

FIGURES

1   ECS component layers
2   Guide icon
3   Getting Started Task Checklist
4   Upper-right menu bar
5   Replication group spanning three sites and replication group spanning two sites
6   Adding a subset of domain users into a namespace using one AD attribute
7   Adding a subset of domain users into a namespace using multiple AD attributes
8   Bucket Policy Editor code view
9   Bucket Policy Editor tree view
10  Data encryption using system-generated keys
11  Encryption of the master key in a geo-replicated environment
12  Native key management
13  Read/write request fails during TSO when data is accessed from non-owner site and owner site is unavailable
14  Read/write request succeeds during TSO when data is accessed from owner site and non-owner site is unavailable
15  Read/write request succeeds during TSO when ADO-enabled data is accessed from non-owner site and owner site is unavailable
16  Object ownership example for a write during a TSO in a two-site federation
17  Read request workflow example during a TSO in a three-site federation
18  Passive replication in normal state
19  TSO for passive replication

TABLES

1   ECS supported data services
2   Erasure encoding requirements for regular and cold archives
3   Storage overhead
4   ECS data protection schemes
5   Storage pool properties
6   VDC properties
7   Replication Group properties
8   Authentication provider properties
9   AD or LDAP authentication provider settings
10  Keystone authentication provider settings
11  Namespace properties
12  Namespace settings
13  Default management users
14  Tasks performed by ECS management user role
15  Object user properties
16  Management user properties
17  Bucket settings
18  Bucket ACLs
19  Bucket headers
20  NFS export properties
21  ECS Management REST API calls for managing NFS access
22  Autocommit terms
23  Key Management properties
24  Create cluster
25  New external key servers
26  Key Management properties
27  ESRS properties
28  Syslog facilities used by ECS
29  Syslog severity keywords
30  ECS Management REST API calls for managing node locking
31  Password rules
32  Sessions
33  User agreement
34  Advanced monitoring dashboards
35  Advanced monitoring dashboard fields
36  Metrics for performance-related data
37  API - Remove
38  API - Change
39  API - No change

CHAPTER 1
Overview

• Introduction
• ECS platform
• ECS data protection
• ECS network
• Load balancing considerations

Introduction

Dell EMC ECS provides a complete software-defined cloud storage platform that supports the storage, manipulation, and analysis of unstructured data on a massive scale on commodity hardware. You can deploy ECS as a turnkey storage appliance or as a software product that is installed on a set of qualified commodity servers and disks. ECS offers the cost advantages of a commodity infrastructure and the enterprise reliability, availability, and serviceability of traditional arrays.

ECS uses a scalable architecture that includes multiple nodes and attached storage devices. The nodes and storage devices are commodity components, similar to devices that are generally available, and are housed in one or more racks.

A rack and its components that are supplied by Dell EMC and that have preinstalled software, is referred to as an ECS appliance. A rack and commodity nodes that are not supplied by Dell EMC, is referred to as a Dell EMC ECS software only solution. Multiple racks are referred to as a cluster.

A rack, or multiple joined racks, with processing and storage that is handled as a coherent unit by the ECS infrastructure software is referred to as a site, and at the ECS software level as a Virtual Data Center (VDC).

Management users can access the ECS UI, which is referred to as the ECS Portal, to perform administration tasks. Management users include the System Administrator, Namespace Administrator, and System Monitor roles. Management tasks that can be performed in the ECS Portal can also be performed by using the ECS Management REST API.

ECS administrators can perform the following tasks in the ECS Portal:

• Configure and manage the object store infrastructure (compute and storage resources) for object users.
• Manage users, roles, and buckets within namespaces. Namespaces are equivalent to tenants.

Object users cannot access the ECS Portal, but can access the object store to read and write objects and buckets by using clients that support the following data access protocols:

• Amazon Simple Storage Service (Amazon S3)
• EMC Atmos
• OpenStack Swift
• ECS CAS (content-addressable storage)

For more information about object user tasks, see the ECS Data Access Guide, available from the ECS Product Documentation page.

For more information about System Monitor tasks, see the ECS Monitoring Guide, available from the ECS Product Documentation page.

ECS platform

The ECS platform is composed of the data services, portal, storage engine, fabric, infrastructure, and hardware component layers.

Figure 1 ECS component layers
[Figure labels: Data Services, Portal, Storage Engine, Fabric, Infrastructure, Hardware; group label: ECS Software]

Data services

The data services component layer provides support for access to the ECS object store through object, HDFS, and NFS v3 protocols. In general, ECS provides multi-protocol access, data that is ingested through one protocol can be accessed through another. For example, data that is ingested through S3 can be modified through Swift, NFS v3, or HDFS. This multi-protocol access has some exceptions due to protocol semantics and representations of how the protocol was designed.

The following table shows the object APIs and the protocols that are supported and that interoperate.

Table 1 ECS supported data services

Group  | Protocol | Supported                                                     | Interoperates with
Object | …        | …al capabilities such as byte range updates and rich ACLS    | File systems (HDFS and NFS), Swift
Object | Atmos    | Version 2.0                                                   | NFS (only path-based objects, not object ID style objects)
Object | Swift    | V2 APIs, Swift, and Keystone v3 authentication                | File systems (HDFS and NFS), S3
Object | CAS      | SDK v3.1.544 and later                                        | Not applicable
HDFS   | HDFS     | Hadoop 2.6.2 compatibility                                    | S3, Swift*
NFS    | NFS      | NFSv3                                                         | S3, Swift, Atmos (only path-based objects)

* When a bucket is enabled for file system access, permissions set using HDFS are in effect when you access the bucket as an NFS file system, and vice versa.

Portal

The ECS Portal component layer provides a Web-based GUI that allows you to manage, license, and provision ECS nodes. The portal has the following comprehensive reporting capabilities:

• Capacity utilization for each site, storage pool, node, and disk
• Performance monitoring on latency, throughput, transactions per second, and replication progress and rate
• Diagnostic information, such as node and disk recovery status and statistics on hardware and process health for each node, which helps identify performance and system bottlenecks

Storage engine

The storage engine component layer provides an unst
