PowerScale Connector Overview
This connector enables you to use Data Access Security to access and analyze data stored in PowerScale and do the following:
- Provide storage structure analysis.
- Verify user permissions.
- Classify the data being stored.
- Monitor user activity on resources.
- Collect local users and groups.
This connector does not support PowerScale NFS.
Installation Flow Overview
- Configure the prerequisites.
- Add a new PowerScale application.
PowerScale Connector Operation Principles
- Data Access Security connects to the EMC PowerScale shares and analyzes folder permissions.
- Data Access Security uses the SMB protocol to gather local users, groups, and share permissions. To process audit events, it uses the OneFS platform API (if enabled) and the SMB protocol.
Collecting Data Stored in a Managed Application
The list below describes the high-level installation process required to collect and analyze data from an external application. Most of these should already be set up in your Data Access Security installation.
- Create a Virtual Appliance cluster for each feature that needs to be enabled for Data Access Security.
- Create an Application in Data Access Security.
Multiple Access-Zone and Tenant Isolation Support
Data Access Security offers tenant isolation and full capabilities for multiple access zones on PowerScale clusters. Activity monitoring and permissions collection are supported for multiple access zones within a PowerScale cluster, and the dependency on the administrative (system)-zone-based OneFS API has been removed. As a result, each access zone within the cluster can function as an independent PowerScale application within Data Access Security, with the complete set of Data Access Security capabilities.
This mode of access requires knowledge of, connectivity to, and access rights to the managed access zone. It allows the configuration, administration, and monitoring of a PowerScale access zone to be delegated completely to the tenant owner, and does not require centralized management. Tenant isolation and management are critically valuable in multi-tenant hosted environments, where such isolation enhances data privacy and autonomous management.
The access zone and management API (optional) settings can be configured through the application configuration wizards.
With full tenant isolation, and full capability support for multiple access zones on the PowerScale cluster, each access zone is treated as a separate entity.
Activity Monitoring for Access Zones of the Same Cluster
Due to limitations of the CEPA architecture, all systems utilizing the same Common Event Enabler (CEE) must be configured to use the same Data Access Security activity monitoring virtual appliance cluster. There is a one-to-one relationship between the virtual appliance cluster and the CEE. You must select the same activity monitoring virtual appliance cluster for all associated Data Access Security applications.
For example, PowerScale1, PowerScale2, and Unity1 are configured with CEE1. PowerScale3 is configured with CEE2. When creating Data Access Security applications for PowerScale1, PowerScale2, and Unity1, each needs to be configured with the same activity monitoring virtual appliance cluster, which corresponds to CEE1. Creating a Data Access Security application for PowerScale3 requires creating a new activity monitoring virtual appliance cluster, which corresponds to CEE2. Do not use the activity monitoring virtual appliance cluster configured with CEE1 for PowerScale3 applications.
Important
Configuring multiple CEEs to one activity monitoring virtual appliance cluster can cause missing events.
Important
This applies only to Dell EMC activity monitoring.
Due to limitations in the CEE architecture, the CEE forwards events to only one virtual appliance node in the activity monitoring virtual appliance cluster at a time. Any additional virtual appliances in the cluster act as failover nodes.
Important
Adding multiple virtual appliances in the cluster will not improve throughput.
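The following check for the one-to-one CEE rule described above is an added example, not SailPoint or Dell code. It assumes you keep your own inventory of (application, CEE, activity monitoring virtual appliance cluster) rows; the inventory format and the cluster names are hypothetical.

```python
from collections import defaultdict

# Constructed inventory: (application, CEE, activity monitoring VA cluster).
# Application and CEE names mirror the example above; cluster names are hypothetical.
INVENTORY = [
    ("PowerScale1", "CEE1", "am-cluster-a"),
    ("PowerScale2", "CEE1", "am-cluster-a"),
    ("Unity1", "CEE1", "am-cluster-a"),
    ("PowerScale3", "CEE2", "am-cluster-b"),
]


def check_cee_mapping(inventory):
    """Return a sorted list of violations of the one-to-one CEE/cluster rule."""
    clusters_by_cee = defaultdict(set)
    cees_by_cluster = defaultdict(set)
    apps_by_pair = defaultdict(list)
    for app, cee, cluster in inventory:
        clusters_by_cee[cee].add(cluster)
        cees_by_cluster[cluster].add(cee)
        apps_by_pair[(cee, cluster)].append(app)

    findings = []
    # Applications that share a CEE must all select the same cluster.
    for cee, clusters in clusters_by_cee.items():
        if len(clusters) > 1:
            detail = "; ".join(
                f"{c}: {', '.join(sorted(apps_by_pair[(cee, c)]))}"
                for c in sorted(clusters)
            )
            findings.append(f"{cee} is split across clusters ({detail})")
    # A cluster fed by more than one CEE can miss events.
    for cluster, cees in cees_by_cluster.items():
        if len(cees) > 1:
            findings.append(f"{cluster} is shared by {', '.join(sorted(cees))}")
    return sorted(findings)


if __name__ == "__main__":
    results = check_cee_mapping(INVENTORY)
    for line in results or ["OK: each CEE maps to exactly one cluster"]:
        print(line)
```

Running the check before creating or changing an application catches a misassigned cluster before audit events start going missing.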