Tip:
Highlight text to annotate it
X
Hello, I'm Andrey Tychkin with EMC Isilon.
In this video we'll talk about the auditing capabilities of OneFS 7.1.
OneFS can now audit both configuration changes and the SMB protocol operations.
Let's take a typical use case.
Let's say we have an enterprise IT organization that needs to track configuration changes
on their OneFS cluster.
They also need to track changes made to files and folders on their SMB shares.
To track configuration changes, the storage admin would enable configuration audit on
a specific access zone.
Access zones on OneFS are logical containers of networking, authetication providers, and
share and export settings.
Once enabled, OneFS will track all the configuration changes made over the web UI or the CLI including
the date and time the change happened, who made the change, and what the change actually
was.
In our example, let's say we have a user Mike access storage over the SYSTEM access zone
and make a change to an SMB share.
With configuration audit enabled, his actions will show up in the configuration audit log
and will be visible to an audit admin.
Please note that some of the changes require root privileges and will not be available
in the configuration log.
Now, let's take a look at the SMB protocol auditing.
It's enabled in a similar way to the configuration auditing by access zone and once enabled,
it will track all changes made to files and folders on the SMB shares, like create, modify,
delete, etc.
In our example, we have a FINANCE access zone and a share called Finance-2014.
Let's say we have a user Nate accessing the FINANCE access zone and making a change to
a file on the share.
With protocol auditing enabled, his actions will be logged in the protocol audit logs
and made available to the audit administrator.
Both config audit and protocol audit can be viewed right on the OneFS console with the
isi_audit_viewer command.
Further, the logs can be forwarded to a third party application using the Common Event Enabler
framework.
The logs get sent to a CEE server, which formats them in a way that can be understood by a
third party application such as Varonis DatAdvantage.
Starting with OneFS 7.1, EMC Isilon is certified with Varonis DatAdvantage for protocol audit
analytics.
If you have questions, or want to implement OneFS 7.1 features in your environment, please
contact your account team.
Thank you for watching.