OS8.8.57 was just released and has a lot of new features – more than I can remember in any single OS release.  Many of these are designed to improve the security of Oracle ZFS Storage even further, and there’s a fantastic new feature specifically for ZS-OCI instances.

With corporate awareness of network and system security at all-time highs, a number of customers have asked for increased visibility into file access and external access to the audit logs.  The Audit Log to Syslog Forwarding feature enables Oracle ZFS Storage to send audit events to the syslog forwarding service.  Three different types of event are supported: Administrative Audit, Per File Audit, and Login/Logout Audit.

The Per File Audit event enables the recording of access to data files in shares. These audit events are generated from the “audit” Access Control Entry (ACE) on a file or directory, which can be set by a privileged user over NFS or SMB. The file audit events can only be sent over syslog and will not appear in the local audit log.

As part of the continuing efforts to deprecate the use of the “root” superuser, four new local user authorizations for the ZFS Appliance’s configuration backup and restore operations have been added: configBackup, configExport, configImport, and configRestore. To reduce the risk of a single non-root administrator using the configuration backup tasks to elevate their own authorizations, each of the four tasks has a separate authorization.  Having a single role with both configImport and configRestore is not recommended as this combination has the potential of being equivalent to having all authorizations.
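The separation described above can be checked mechanically. The following is an added example, not Oracle code: it flags any role that holds both configImport and configRestore, and goes one step further by also flagging users who obtain the pair through several roles. The role and user inventory layout, the role names, and the user names are assumptions constructed for illustration.

```python
# Added example: separation-of-duties audit for the four config authorizations.
# The inventory layout (role -> authorizations, user -> roles) is an assumption
# made for this sketch; it is not an appliance export format.
CONFIG_AUTHS = {"configBackup", "configExport", "configImport", "configRestore"}
RISKY_PAIR = {"configImport", "configRestore"}  # combination the text warns about

# Constructed sample data.
ROLES = {
    "backup-operator": {"configBackup", "configExport"},
    "restore-operator": {"configRestore"},
    "import-operator": {"configImport"},
    "legacy-config-admin": {"configBackup", "configImport", "configRestore"},
}
USERS = {
    "alice": ["backup-operator"],
    "bob": ["import-operator", "restore-operator"],
    "carol": ["legacy-config-admin"],
    "dave": ["restore-operator", "no-such-role"],
}


def audit(roles, users):
    """Return (kind, name, message) findings, roles first, then users."""
    findings = []
    for role, auths in sorted(roles.items()):
        if RISKY_PAIR <= set(auths):
            findings.append(("role", role, "holds configImport and configRestore"))
    for user, assigned in sorted(users.items()):
        effective, sources = set(), []
        for role in assigned:
            if role not in roles:
                # A dangling assignment hides what the user can really do.
                findings.append(("user", user, f"assigned unknown role {role}"))
                continue
            granted = set(roles[role]) & CONFIG_AUTHS
            effective |= granted
            if granted & RISKY_PAIR:
                sources.append(role)
        if RISKY_PAIR <= effective:
            findings.append(("user", user,
                             "combines configImport and configRestore via "
                             + ", ".join(sorted(sources))))
    return findings


if __name__ == "__main__":
    for kind, name, message in audit(ROLES, USERS):
        print(f"{kind:<5}{name:<22}{message}")
```
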

For those with encrypted data using Oracle ZFS Storage’s remote replication, whether between data centers, within the Oracle Cloud Infrastructure (OCI), or a combination of the two, the Raw Crypto Replication feature improves the security and efficiency of replicating encrypted data by avoiding both decrypting the data on the source appliance and re-encrypting it on the target. The raw crypto option is enabled by default for new replication actions if the raw crypto replication deferred update has been applied. Once enabled, raw crypto replication can be disabled before the initial update and before a new replication action.

Based on a customer usability request, OS8.8.57 introduces the ability to enter multiple email addresses for each alert in both the browser user interface and the CLI. Email addresses are separated with a comma and a space on one line.  Another enhancement to Email functionality is the addition of ESMTP plain authentication when configuring the SMTP service.

That’s already a lot in this release, but those who use ZFS Storage in OCI have an exciting new feature available to them: Automated Capacity Expansion.  When this feature is enabled and a storage pool becomes 80% full, the appliance automatically either expands the existing block volumes or adds block volumes to the pool so that the usable storage is seen as 60% full.  To prevent unexpected leaps in storage costs, a cap can be set on the size of the pool.

ZS-OCI Automatic capacity expansion

 

One thing that will catch me by surprise is when I’m talking to someone who has used Oracle ZFS Appliances for years and I find out that they aren’t aware of the built-in documentation included with every software update which can be accessed from the browser interface.  The “HELP” link is in the top-right corner of every screen – you can see it in the screenshot above – and it’s context-sensitive, so a minimum of searching for the thing you’re looking for is needed.  By having the help in the storage updates, you don’t need Internet connectivity to access the documentation and you can be sure that the documentation is appropriate for your release.

Another feature of OS8.8.57 is a new look-and-feel to the online help, updating the interface as seen here.

ZFS Storage Help Screen

 

OS8.8.57 can be downloaded from My Oracle Support.

Anyone interested in ZFS Storage in OCI can find out more by following this link.