Manage data protection administration

Stay organized with collections Save and categorize content based on your preferences.

The Data Protection Administration interface enables users to protect their data with PowerScale enterprise-level features SnapshotIQ and SyncIQ. For more information on the PowerScale Administration WebUI, see Dell Technologies PowerScale for Google Cloud: Overview and Solution Design Considerations.

Create snapshots with SnapshotIQ

You can create snapshots to protect data with the SnapshotIQ feature. Snapshots protect data against accidental deletion and modification by letting you restore deleted and modified files. The SnapshotIQ feature can take read-only, point-in-time copies (snapshots) of any directory or subdirectory. When a snapshot is taken, it preserves the exact state of a file system at that instant, so it can be accessed later.

Snapshots require less space than a remote backup because unaltered data is referenced rather than recreated. This immutable, point-in-time copy has various applications. For example, you can use snapshots to make consistent backups, or to restore files which were accidentally changed or deleted. You can also use snapshots to quickly identify file system changes. Snapshots also enable you to capture a directory instantaneously. Or, you can create snapshot schedules to take periodic snapshots automatically. You can also assign an expiration period that determines when SnapshotIQ deletes each automatically generated snapshot.

Avoid creating snapshots of directories that other snapshots already reference and delete unwanted snapshots for efficiency. Dell recommends only taking snapshots on the subdirectory of your access zone directory path. Don't create a snapshot to the /ifs path. For more technical details, see Data Protection with Dell EMC PowerScale SnapshotIQ.

Data replication with SyncIQ

PowerScale enables you to replicate data from one PowerScale cluster to another through SyncIQ. You can replicate data at the directory level and can exclude specific files and subdirectories from being replicated.

SyncIQ creates and references snapshots to replicate a consistent, point-in-time image of a source directory. Metadata, such as access control lists (ACL) and alternate data streams (ADS), are replicated along with data. SyncIQ enables you to maintain a consistent replica of your data on another PowerScale cluster and to control the frequency of data replication.

SyncIQ also offers automated failover and failback capabilities. Those capabilities let you continue operations on the secondary PowerScale cluster if your primary cluster becomes unavailable.

SyncIQ features

Replication policies

SyncIQ replication policies specify what data is replicated, where the data is replicated to, and how often the data is replicated.

Replication jobs replicate data from one PowerScale cluster to another. SyncIQ generates replication jobs according to replication policies. The status of jobs can be viewed under the Summary tab. Administrators can also control the bandwidth consumed by SyncIQ jobs by setting performance rules.

For more information about SyncIQ configuration and considerations, see Dell EMC PowerScale SyncIQ: Architecture, Configuration, and Considerations.

SyncIQ requires VPC network peering to be setup between source and target cluster data plane networks. For information on how to setup VPC network peering, see Google Cloud VPC Network Peering overview.

A replication policy specifies two clusters:

  • Source cluster - The cluster on which the replication policy exists.
  • Target cluster - The cluster that data is being replicated to.

When a replication policy starts, SyncIQ generates a replication job for the policy. When a replication job runs, files from a directory tree on the source cluster are replicated to a directory tree on the target cluster; these directory trees are known as source and target directories.

If any of the following policy settings are modified after the policy runs, OneFS performs either a full or differential replication the next time the policy runs:

  • Source directory
  • Included or excluded directories
  • File-criteria statement
  • Target cluster name or address
  • Target directory

For detailed steps on creating replication policy and how to use certificates for encryption, see the Creating replication policies section of the OneFS Web Administration Guide.

SyncIQ encryption

Enabling SyncIQ encryption provides end-to-end encryption for SyncIQ data replication, protecting and securing in-flight data between clusters. SyncIQ provides encryption using X.509 certificates paired with TLS version 1.2 and OpenSSL version 1.0.2o. The certificates are stored and managed in the certificate stores for the source cluster and the target cluster. Encryption between clusters takes place with each cluster storing its own certificate and the certificate of its peer. That means, the source cluster is required to store the certificate of the target cluster and the target cluster is required to store the certificate of the source cluster. Storing the certificate of the peer creates an allowlist of approved clusters for data replication.

For SyncIQ encryption, only use certificates issued by a certificate authority (CA) that PowerScale trusts. A list of trusted CA certificates appears in the appendix. You can purchase certificates from one of the vendors in the list. The FQDN to be used for a certificate request is the Cluster FQDN that was configured while creating the cluster.

For detailed instructions on how to add certificates on the source cluster and target cluster, see the Data Encryption with SyncIQ section of the OneFS Web Administration Guide.

Appendix: Dell Cloud PowerScale for Google Cloud trusted certificate authorities

The following certificate authorities and their SHA1 and SHA256 fingerprints appear in the following table.

Certificate Authority SHA1 fingerprint SHA256 fingerprint
GoogleTrustServices_Y3 75:72:16:d7:5c:e5:f4:0f:b2:04:88:66:61:db:1e:4a:8f:93:4d:a7 07:15:c5:78:73:44:ff:4d:27:c4:e7:9d:2a:fd:91:dd:38:a6:42:d4:cf:0d:98:28:b1:26:20:a6:2f:52:65:9e
GoogleTrustServices_Root_R3 30:d4:24:6f:07:ff:db:91:89:8a:0b:e9:49:66:11:eb:8c:5e:46:e5 15:d5:b8:77:46:19:ea:7d:54:ce:1c:a6:d0:b0:c4:03:e0:37:a9:17:f1:31:e8:a0:4e:1e:6b:7a:71:ba:bc:e5
BaltimoreCyberTrustRoot d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74 16:af:57:a9:f6:76:b0:ab:12:60:95:aa:5e:ba:de:f2:2a:b3:11:19:d6:44:ac:95:cd:4b:93:db:f3:f2:6a:eb
GoogleInternetAuthority_G4 bd:1f:9a:24:e0:7d:4b:35:72:6e:d7:f0:65:7a:6f:d9:47:1a:06:72 17:8c:e2:ce:41:e6:d2:99:26:c8:93:72:ec:f0:1b:11:20:ad:7b:6d:98:0a:d2:98:35:4c:2e:fd:31:41:e1:29
DigiCertSHA2HighAssuranceServerCA a0:31:c4:67:82:e6:e6:c6:62:c2:c8:7c:76:da:9a:a6:2c:ca:bd:8e 19:40:0b:e5:b7:a3:1f:b7:33:91:77:00:78:9d:2f:0a:24:71:c0:c9:d5:06:c0:e5:04:c0:6c:16:d7:cb:17:c0
GoogleTrustServices_Root_R1 e1:c9:50:e6:ef:22:f8:4c:56:45:72:8b:92:20:60:d7:d5:a7:a3:e8 2a:57:54:71:e3:13:40:bc:21:58:1c:bd:2c:f1:3e:15:84:63:20:3e:ce:94:bc:f9:d3:cc:19:6b:f0:9a:54:72
GoogleTrustServices_Y4 d3:a5:8b:0a:c2:c6:20:bc:5c:87:aa:9b:ba:d4:c2:15:13:07:04:e2 55:ba:b3:c5:16:d5:0e:7f:35:f8:6e:a9:48:a7:cc:df:7d:5e:e6:80:ea:a9:ab:49:fa:25:8a:61:4c:d1:fa:de
GoogleTrustServices_Root_R4 2a:1d:60:27:d9:4a:b1:0a:1c:4d:91:5c:cd:33:a0:cb:3e:2d:54:cb 71:cc:a5:39:1f:9e:79:4b:04:80:25:30:b3:63:e1:21:da:8a:30:43:bb:26:66:2f:ea:4d:ca:7f:c9:51:a4:bd
DigiCertHighAssuranceEV-RootCA 5f:b7:ee:06:33:e2:59:db:ad:0c:4c:9a:e6:d3:8f:1a:61:c7:dc:25 74:31:e5:f4:c3:c1:ce:46:90:77:4f:0b:61:e0:54:40:88:3b:a9:a0:1e:d0:0b:a6:ab:d7:80:6e:d3:b1:18:cf
GoogleTrustServices_Y1 cd:88:fa:9d:ca:57:2c:5b:8c:3e:ed:3d:a2:e2:62:45:75:46:3f:30 7d:74:03:41:b5:19:3f:53:e6:75:e3:a1:e3:b4:b1:09:5e:60:25:09:f6:5a:5f:a7:57:6b:0e:3a:54:70:f9:c6
GoogleTrustServices_CA_1O1 df:e2:07:0c:79:e7:ff:36:a9:25:ff:a3:27:ff:e3:de:ec:f8:f9:c2 95:c0:74:e3:59:02:a1:4a:bd:9d:19:af:b6:e7:f8:0e:66:9f:f8:e2:36:32:70:53:9d:96:36:13:f0:4a:aa:21
GoogleTrustServices_Y2 ee:4b:6b:b1:8f:4c:d1:53:2e:59:1a:19:51:39:49:b1:bf:96:a8:fb 9c:30:51:64:96:e1:25:b3:d0:93:1f:49:87:5e:29:51:6d:9d:c2:54:73:e5:d6:a1:06:c1:fc:f8:66:d3:06:db
GoogleInternetAuthority_G3 ee:ac:bd:0c:b4:52:81:95:77:91:1e:1e:62:03:db:26:2f:84:a3:18 be:0c:cd:54:d4:ce:cd:a1:bd:5e:5d:9e:cc:85:a0:4c:2c:1f:93:a5:22:0d:77:fd:e8:8f:e9:ad:08:1f:64:1b
GlobalSign-Root-R4 69:69:56:2e:40:80:f4:24:a1:e7:19:9f:14:ba:f3:ee:58:ab:6a:bb be:c9:49:11:c2:95:56:76:db:6c:0a:55:09:86:d7:6e:3b:a0:05:66:7c:44:2c:97:62:b4:fb:b7:73:de:22:8c
GoogleTrustServices_Root_R2 d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d c4:5d:7b:b0:8e:6d:67:e6:2e:42:35:11:0b:56:4e:5f:78:fd:92:ef:05:8c:84:0a:ea:4e:64:55:d7:58:5c:60
GlobalSign-Root-R2 75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe ca:42:dd:41:74:5f:d0:b8:1e:b9:02:36:2c:f9:d8:bf:71:9d:a1:bd:1b:1e:fc:94:6f:5b:4c:99:f4:2c:1b:9e
GoogleInternetAuthority_G4_ECC d2:73:96:2a:2a:5e:39:9f:73:3f:e1:c7:1e:64:3f:03:38:34:fc:4d c4:5d:7b:b0:8e:6d:67:e6:2e:42:35:11:0b:56:4e:5f:78:fd:92:ef:05:8c:84:0a:ea:4e:64:55:d7:58:5c:60
GoogleTrustServices_CA_1D2 88:4c:fc:da:54:38:5a:12:43:5e:84:7a:5f:6b:16:7a:8c:be:1e:41 d5:70:84:c1:27:98:73:27:1e:b2:ce:7b:84:15:a4:1c:e9:12:6b:54:4d:85:18:ba:d8:7f:f1:ce:5a:60:4d:a3
CA_Sync 30:43:8a:0e:f4:ca:83:b1:d0:54:16:7f:55:88:6e:3c:05:59:08:5d dd:ec:9c:03:f6:39:d0:7e:c0:e5:bc:5a:42:46:7b:df:05:fe:bd:b2:f1:28:9a:0f:f1:08:5d:d5:94:fd:eb:bd
VerisignClass3PublicPrimaryCertificationAuthority 74:2c:31:92:e6:07:e4:24:eb:45:49:54:2b:e1:bb:c5:3e:61:74:e2 e7:68:56:34:ef:ac:f6:9a:ce:93:9a:6b:25:5b:7b:4f:ab:ef:42:93:5b:50:a2:65:ac:b5:cb:60:27:e4:4e:70
GlobalSign-Root-R1 b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99
GeoTrust_Global_CA de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12 ff:85:6a:2d:25:1d:cd:88:d3:66:56:f4:50:12:67:98:cf:ab:aa:de:40:79:9c:72:2d:e4:d2:b5:db:36:a7:3a

What's next