Release 21.07-SP1

Key Enhancements

VPSA Object Storage

Object-Lock S3 API performance improvement

(ZSTRG-12992,ZSTRG-17467)

With version 21.07-SP1, Zadara improved significantly its VPSA Object Storage handling of the following S3 compatible Object-Lock APIs:

• Put-object-retention

• Multi-delete

With Object-Lock enabled use-cases(i.e Veeam’s immutable backup), where the backup application requires periodical update of the objects in the backend container (bucket) with an updated “Retention Date”. Updating the object’s metadata requires a single API request per object, which can result with millions of consecutive requests. The change in the way the VPSA Object Storage handle the object metadata allow the Object Storage to serve x3-x4 more requests in parallel.

New account administrator dashboard

(ZSTRG-18975)

Similar to the VPSA Object Storage administrator, a new account dashboard was introduced to provide a snapshot visibility to the account administrators. The dashboard will provide the following information:

• General VPSA Object Storage information

• Performance metering snapshot:

  • Total throughput

  • Total operations/s

  • Operation type breakdown

  • Capacity history

  • Account status (capacity, containers count, object count, users etc)

Release 21.07-SP1 is a service pack release which includes scalability, security, usability improvements, new features and bug fixes.

The following section will breakdown the main additions and updates to the Zadara Storage Cloud platform on top of the previous 21.07 major version.

Version 21.07-SP1-313

Build 21.07-SP1-313 primary addresses VPSA Object Storage issues related to performance at scale and IPv6 connectivity.

VPSA Object Storage

• ZSTRG-23006 - Fixed an issue where remote Object Storage discovery via the cloud’s Outnet network failed

• ZSTRG-22702 - Fixed an issue where remote Object Storage connectivity using IPv6 failed

• ZSTRG-22840, ZSTRG-22703, ZSTRG-21142 - Improvements for the VPSA management console performance for Object Storage with more than 1000 accounts

• ZSTRG-22701, ZSTRG-21797, ZSTRG-22706 - Improved infrastructure handling for large metering database

Version 21.07-SP1-297

VPSA Storage Array

• ZSTRG-20472 - Update for zadaravpsa.com TLS certificate

VPSA All-Flash Array

• ZSTRG-20472 - Update for zadaravpsa.com TLS certificate

• ZSTRG-20007 - Performance - Improving write buffer backend async IO

VPSA Object Storage

• ZSTRG-20110 - Improve the performance of the authentication API response

• ZSTRG-19964 - S3API compatibility - fix an issue where VersionID is not returned for multipart object PUT request

• ZSTRG-20316 - Fixed an issue with replication job that fails sporadically

• ZSTRG-20278 - Fixed an issue where disabling MFA authentication for a single user did not work as expected

Version 21.07-SP1-292

VPSA Storage Array

• ZSTRG-19070 - Fixed an issue with FC NULL pointer exception may lead to a VC crash

• ZSTRG-20061,20062 - Upgrade VC level packages to handle various security vulnerabilities

• ZSTRG-20149 - Fixed an issue where non-rotated metering dc records may lead to a VPSA lockdown

• ZSTRG-19185 - Adjust iSCSI configuration to avoid issue where SN times out

VPSA Object Storage

• ZSTRG-20154 - Fix a display issue where rebalance percentage can exceed 100%

• ZSTRG-20071 - Fix an issue where container(bucket) with non unicode characters cannot be deleted

• ZSTRG-19980 - Fix an issue where where permissions are not handled correctly with multipart objects

• ZSTRG-20061,20062 - upgrade VC level packages to handle various security vulnerabilities

CCVM

• ZSTRG-20061,20062 - upgrade CCVM level packages to handle various security vulnerabilities

Storage Node

• ZSTRG-17726 - Fixed an issue where support ticket creation and licensing validation might fail with IPv6 proxy configuration

• ZSTRG-20246 - Fixed an issue with FreeIPA package

Version 21.07-SP1-280

VPSA Storage Array

• ZSTRG-19295 - Fixed a display issue in the VPSA graphical interface where the dashboard was not loaded.

• ZSTRG-19587 - Fixed an issue in which DOS attributes were not saved properly after copying files to SMB share with enabled SMB File history

• ZSTRG-19845 - Fixed and issue in which the deletion of the SMB directory with “hide unreadable” files inside was allowed

VPSA Object Storage

• 19849 - Zadara’s wildcard certificate for zadarazios.com domain was renewed (valid until April 2023)

• ZSTRG-19176, ZSTRG-19807 - Fixed an issue where recursive deletion of a container (bucket) was terminated unexpectedly.

• ZSTRG-19409 - Fixed an issue where the console did not display more than 50,000 containers (limit set to 100,000 containers)

• ZSTRG-19876 - Fixed an issue with the dashboard presentation of the total throughput value

• ZSTRG-19983 - Fixed an issue where delete of an object failed using Cloudberry Explorer for Openstack client

• ZSTRG-19395 - Fixed an issue with reporting inconsistencies for source-target Object Storage with remote replication

Storage Node

• ZSTRG-19514 - Fixed an issue in the underlying storage node iSER driver where NULL pointer is returned

Security

ZSTRG-19684 - Upgraded storage node components to mitigate the following CVEs (among with lower severity CVEs that were excluded from the list)

CVE-2016-10228 CVE-2019-17543 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-6096

CVE-2020-8625 CVE-2021-22901 CVE-2021-22926 CVE-2021-2372 CVE-2021-25214 CVE-2021-25215

CVE-2021-25216 CVE-2021-25220 CVE-2021-27645 CVE-2021-3326 CVE-2021-35604 CVE-2021-35942

CVE-2021-3711 CVE-2021-3999 CVE-2022-0396 CVE-2022-23218 CVE-2022-23219

Version 21.07-SP1-237

VPSA Storage Array

• ZSTRG-18306 - Allow allocation of two VNIs (Virtual Network Interfaces) with a matching VLAN ID

• ZSTRG-18138 - Fix an issue where Japanese characters couldn’t be used for configuring quota for a project

VPSA Object Storage

• ZSTRG-18306 - Allow allocation of two VNIs (Virtual Network Interfaces) with a matching VLAN ID

• ZSTRG-13938 - Removed the option to add an additional data policy to an existing VPSA Object Storage

• ZSTRG-16969 - Disable the automatic provisioning of ZELB for Premium+ Object Storage

• ZSTRG-17385 - Disable management interface port (8080) when internal TLS termination is set

• ZSTRG-15831 - Fix an issue where object last replication time is not updated correctly

• ZSTRG-18262 - Fix an issue where MinIO client cloud not parse object retntion date

• ZSTRG-18122 - Fix an issue where new object replication job was blocked due to an old replication job for the same container

• ZSTRG-17820 - Fix an issue where the color indicator for a policy in protected state was not updates

• ZSTRG-17390 - Fix an issue where TLS1.1 was still offered as supported protocol in an existing Object Storage.

• ZSTRG-17395 - Added support for Content-Disposition header

• ZSTRG-15831 - Fix an issue where lifecycle policy was not executed according to the defined rule

• ZSTRG-15224 - Fix an issue with the main dashboard operations where the breakdown display a summary of operations instead of concurrent operation

Command Center

• ZSTRG-12973 - Cloud administrators can now restrict access to their Command Center and Provisioning Portal to a specific IP addresses

Security

ZSTRG-17818 - Upgraded cross cloud components to mitigate the following CVEs

CVE-2018-10852 CVE-2021-23017 CVE-2021-3712

CVE-2017-8872 CVE-2019-20388 CVE-2020-24977

CVE-2021-3516 CVE-2021-3517

CVE-2021-3518 CVE-2021-3537

Known issues and limitations

In 21.07-SP1-237 no known issues or limitations were introduced.

Revision History

• 21.07-SP1-297, May 2022

• 21.07-SP1-292, April 2022

• 21.07-SP1-280, March 2022

• 21.07-SP1-237, February 2022 (GA)