Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Hitachi NAS Platform 13.8.6320.10 Release Notes

About this document

This document (RN-92HNAS046-02, December 2020) provides late-breaking information about NAS Platform 13.8. It includes information that was not available at the time the technical documentation for this product was published, as well as a list of known problems and solutions.

Intended audience

This document is intended for customers and Hitachi Vantara partners who license and use NAS Platform.

Accessing product downloads

Product software, drivers, and firmware downloads are available on Hitachi Vantara Support Connect:  https://support.hitachivantara.com/.

Log in and select Product Downloads to access the most current downloads, including important updates that may have been made after the release of the product.


About this release

This release is a maintenance release that resolves multiple known problems.

The specific build is server update (SU) 13.8.6320.10, and system management unit (SMU) 13.8.6320.10.

NAS operating system, which includes server update 13.8.6320.10 and SMU 13.8.6320.10, supports the following models:

·         Hitachi NAS Platform 4040, 4060, 4080, 4100, 3080 G1, 3080 G2, 3090 G1 and 3090 G2.

The topics in this document could also be relevant to VSP F/G Series (running SVOS 7.4.0), and VSP N Series (running SVOS 7.4.1), by taking note of the NAS module version.

Note: When upgrading to 13.8, it is advisable to refer to the corresponding release notes of each intervening version to be aware of any new features, special notes and considerations.

Document history

Revision

Description

92HNAS046-00

Initial release of SU version 13.8.6320.01

92HNAS046-01

Maintenance release of SU version 13.8.6320.07

92HNAS046-02

Maintenance release of SU version 13.8.6320.10


New features

This section describes the key features in version 13.8, and other recently released features. Please refer to the NAS user guides for details on using these features.

For features introduced after the initial 13.8 release, which may not be covered in the published guides, documentation amendments can be found on the Additional Notes page. This page is linked to from the main NAS Platform documentation page (https://knowledge.hitachivantara.com/Documents/Storage/NAS_Platform).

Active Directory multi-domain support for the SMU

First available in 13.8.6320.01

From release 13.8, the SMU authentication can be configured to allow access for Active Directory users from the entire Active Directory Forest.

To use this feature, an existing SMU Active Directory configuration will need to be updated to use Global Catalog.

The feature is supported on both Internal and External SMUs.

For further information, see the SMU online help or the ‘SMU user authentication’ section of the ‘Storage System User Administration Guide’.

Limiting access to NDMP files

First available in 13.8.6320.01

From release 13.8, access to NDMP configuration and log files, used for file replication and migration, is restricted to the ‘root’ user on the SMU.

This applies to all directories, sub-directories, and files under the paths:

·         /var/opt/smu/conf/adc_replic/

·         /var/opt/smu/log/adc_replic/

The restrictions are applied to any existing policy and logs files on an SMU upgrade to 13.8, in addition to any newly created files.

TLS/SSL certificate changed

First available in 13.8.6320.10

The default self-signed TLS/SSL certificate has been enhanced to support https://support.apple.com/en-us/HT210176.  To provoke the certificate to be recreated, for Bali’s SOAP and REST servers and the embedded SMU use the following command as supervisor at the Bali prompt:

tls-certificate-create-custom --confirm

And for the external SMU use the following command as root at the Linux prompt on the SMU:

cert-gencustom.sh

Hitting Enter to accept all the defaults will work, except at the two confirmation prompts.  Do not be tempted to increase the "Number of days the certificate should be considered valid" beyond the limit in https://support.apple.com/en-us/HT210176.

Secure RPC for NetLogon connections

First available in 13.8.6320.10

Secure RPC for NetLogon has been introduced so that HNAS can interoperate with Microsoft's fix for CVE-2020-1472, "Netlogon Elevation of Privilege Vulnerability", which requires the use of secure RPC between domain members and DCs.

Please ensure the smb-max-supported-version is set to at least SMB2.


Hitachi NAS add-ons

There are several add-ins available for use with Hitachi NAS, as noted here.

The downloads can all be found by following section "Accessing product downloads" and navigating to "Available Drivers and Firmware", "NAS Platform", and then selecting "Add-ons".

The documentation can be found on the "Solutions and Best Practices" page, which is linked from the main NAS Platform documentation page (https://knowledge.hitachivantara.com/Documents/Storage/NAS_Platform).

HNAS CSI Driver for Kubernetes

Version 1.00 (August 2020) - works with NAS 13.3 or later

To use API Keys for authentication, HNAS software 13.7 or newer is required, otherwise a username/password combination must be used.

The Hitachi NAS Container Storage Interface (CSI) Driver is a software component that contains libraries, settings, and commands that you can use to create a container in order to run your stateful applications. It enables the stateful applications to persist and maintain data after the life cycle of the container has ended. The Hitachi NAS CSI Driver provides persistent volumes on Hitachi NAS server platforms (Hitachi NAS platform and NAS module).

As the driver relies on the ability for containers/pods to access HNAS NFS exports, it can only be used on Linux based systems.

HNAS docker volume plugin

Version 1.00 (December 2019) - works with NAS 13.2 or later

The NAS server platform (Hitachi NAS platform and NAS module) can be used to provide remote storage for container images running within Docker.

As the plugin relies on the ability for containers to mount HNAS NFS exports, it can only be used on Linux based systems.

The plugin is supported on Docker version 18 and newer, and currently only on stand-alone systems, rather than clusters/docker swarm.

ELK integration for HNAS

Version 1.00 (September 2019)

The NAS server platform (Hitachi NAS platform and NAS module) can be integrated with Elasticsearch. Alert and audit logs can be collected, and then analyzed using Kibana, which helps to visualize data.

Elasticsearch is commonly referred to as the ELK stack or Elastic stack, which refers to Elasticsearch and associated components, which lets you reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time.

Splunk add-on for HNAS

Version 1.00 (November 2018)

The NAS server platform (Hitachi NAS platform and NAS module) can be integrated with Splunk®. Splunk can be configured to collect alert log and audit log events, in addition to the ability to gather statistics about the NAS server system performance.


Special notes on current NAS releases

Configuring external migration targets

Not specific to this release, but reiterating the need for adequate backup planning.

Caution: Care should be taken when configuring systems with a single migration destination for both replication source and target (known as a triangular arrangement). Such arrangements should not be considered a valid solution in any disaster recovery (DR) or backup scenario, as there is only a single copy of the user data pointed to by XVLs at each end of the replication policy.

Deduplication support for Object Replication Targets

Deduplication is supported on Object Replication target file systems, from release 13.6.

Note: If, before 13.6.6016.05, a filesystem was created to support dedupe and it was later used as a replication target, there will be implications when upgrading to 13.6.6016.05 or later. In this case, deduplication of the replication target will start automatically without any additional action on the user's part.

In order to avoid this happening, deduplication should be disabled, per filesystem, before upgrading.

 

Group Augmentation changes

A change in 13.5.5527.02 changed the format of the output that create-group-table-from-active-directory.rb presented to any customized massage-commands-for-managed-servers script.

If a customized massage-commands-for-managed-servers script is used to check the output against a whitelist, then it's likely that groups will be incorrectly excluded, and their old definitions will continue to be used by HNAS indefinitely. In this instance it is best to transform the whitelist to suit the output after the upgrade.

HDRS versions

A change in 13.8 necessitates that any instances of HDRS in use should be upgraded to at least v4.1.

Event ID 2117

After upgrading to 13.8, systems might start logging Event ID 2117 falsely. You may see the following or similar event being logged:

·         2117 Warning     2020-11-11 17:52:12 UTC warning assert SI/M2_DI_MISC_ASSERTS/fatal_err from SiH1 (HFB1): this event, Id 2117, happened once since reset on the HFB1.

Or

·         2117 Warning     2020-11-11 17:52:12 UTC warning assert SI/M2_DI_MISC_ASSERTS/pciex_core_fatal_err from SiH1 (HFB1): this event, Id 2117, happened once since reset on the HFB1.

This is a false-positive, and can be safely ignored.


Notes on installing, upgrading, and downgrading

Notes on this release include:

·         NAS platform models 3080 G1 and G2 / 4040 / 4060 have cluster support up to two nodes. NAS platform models 3090 G1 and G2 / 4080 have cluster support up to four nodes. NAS platform 4100 has cluster support up to eight nodes.

·         The NAS Manager for the SMU uses cookies and sessions to remember user selections on various pages. Therefore, you should open only one web browser window, or tab, to the SMU from any given workstation.

Performing a rolling upgrade from older versions of HNAS

If you are upgrading from earlier versions of HNAS, note that there are critical steps which must be followed in a precise sequence to correctly upgrade to version 13.8. Refer to the corresponding release notes of each earlier version for details on rolling upgrades. Additionally, consult with your Hitachi Vantara representative for assistance in upgrading from earlier versions of HNAS.

Note: For Rolling Upgrades, the latest version of any major code release will be able to roll to any version in the following major code release.  As an example, a Rolling Upgrade can be performed from the latest 12.x code release to any version in the 13.x major code release without any intermediate code steps.

File-based replication between different HNAS software levels

The ability to replicate between systems is determined by the version of the software that is running on those systems. The model number of the server is not a factor for interoperability for replication purposes. If both the destination and target servers are running the same major software version (for example, 12.x), replication as ‘managed servers’ is fully supported. If the destination and target servers are running different major software versions (for example, 12.x to 13.x), one of the servers is configured as an ‘unmanaged’ server. Replication continues to be fully supported within the constraints of replication between managed and unmanaged servers.

Object-based replication between different HNAS software levels

Object replication was first introduced in HNAS software v8.0 and has been enhanced with each release. For example, version 10.1 was enhanced so that objects maintained their sparseness during incremental replication. Version 11.1 has the ability to preserve file clone states during replication. To ensure interoperability, feature flags are negotiated when object replication occurs between servers running at different version levels.

Object replication between servers is supported up to one major version away. For example, object replication between version 12.x and 13.x is supported.

Note: Object replication between servers that are more than one major release apart may work (for example, between version 11.x and v13.x) – but this is not supported.

Note: When set to transfer XVLs as links, both source and target systems involved in the replication relationship must be running HNAS release v13.4 or later.


Important considerations to read before installation

Please read the following sections before installing and using 13.8.

Special consideration should be taken when upgrading to the stated versions (or later) from an earlier version, or when planning a downgrade from the stated versions (or later) to an earlier version.

Changes in 13.0

·         Support for WFS-1 is now completely removed. Before upgrading the customer MUST migrate any WFS-1 filesystems to new WFS-2 filesystems, as WFS-1 filesystems cannot be mounted.

·         NAS Storage Pools (spans) are now limited to 32 filesystems.

·         12.7.4221.07 is the lowest version of code that the system can safely downgrade to.

Changes in 13.2

·         Support added for increasing the number of filesystems in a cluster. This must be considered when planning a downgrade to an earlier version, if more than the previous default of 128 filesystems exist.

·         Support for REST API v4 added, while still supporting v3.

·         13.2.4527.04 introduced a new command, krb5-nfs-principal-format. If the setting is changed to (the non-default value of) "only-primary", for any EVS, this must be considered when planning a downgrade to an earlier version.

Changes in 13.5

·         Support for REST API v7 added, while still supporting v4, and deprecating v3.

The number of filesystems per span limit

By default, the number of filesystems that can be created in any span is limited to 32.

If an existing span has more than 32 filesystems, the span and filesystems are fully supported after upgrading to 13.0 or later. However, it is not possible to create any additional filesystems on the span, until enough filesystems have been deleted to bring the total number below 32.

It is possible to increase this default value using the filesystem-create CLI command with the --exceed-safe-count option. This option must not be used when creating up to 32 filesystems. It must only be used when creating filesystems beyond the 32nd one.

Note: This option is only available on the CLI. The NAS Manager does not permit you to create more than 32 filesystems.

For further information, see the File Services Administration Guide.

NFSv3 access during upgrade to 13.2 or later

When a cluster namespace (CNS) is in use on an NFSv3 filesystem, a rolling upgrade to version 13.2 can cause longer transient delays for NFSv3 accesses than normal. Customers using ordinary filesystem exports or other protocols (including NFSv4) do not experience these additional delays.

Note: This issue only affects the upgrade from a pre-13.2 release to a 13.2-or-later release. Future upgrades will not experience any additional transient delays from this issue.

The technical issue

Normally, during a rolling upgrade, access to filesystems through NFSv3 and CNS is available while EVSs are migrated between cluster nodes so that each node can be upgraded in turn. Clients can connect to an EVS on a node running older software and access filesystems belonging to an EVS on a node running newer software (or the other way around) because the NAS server uses a stable message format when forwarding the requests.

Software version 13.2 supports an increased number of filesystems and in order to provide this feature, modifies the message formats used to support CNS in a way that is incompatible with earlier releases.

During this rolling upgrade, clients cannot access filesystems that are hosted on a node running a different version of software to the currently connected node. As soon as the EVSs are migrated onto nodes running the same version of software, the clients can regain access to those filesystems.

Workaround

For 2-node clusters (including NAS Modules), follow the usual upgrade procedure. After the first node has been upgraded, and while EVSs are being migrated between the nodes, there is a longer interruption to client access than usual. The interruption ends as soon as all EVSs are migrated to the upgraded node. When the second node has been upgraded, the only disruption is from normal EVS migrations.

For clusters with three or more nodes, there could be a longer period when EVSs are hosted on nodes running different software versions. For these cases, use manual migrations to move all EVSs to nodes running the same software version. This minimizes the period during which the clients cannot access all filesystems.

For details of the manual migration process, or for upgrade procedures, please contact Customer Support.

SMU, server, and cluster compatibility

These release notes highlight SMU release version 13.8.6320.10.

The version of SMU should always be equal to, or newer than, the version of the server / cluster being managed. In the rare situation where such an SMU build is not released, the closest available one should be used.

Since SMU 12.7, the following hypervisor images are supported for a virtual SMU

·         Hyper-V : Virtual SMU OS 2.2

·         VMware : Virtual SMU OS OVA 2.1 or 2.2

Note: In addition to VMware player, the virtual SMU (vSMU) is also compatible with the free version of ESXi.

A single hardware SMU (SMU 400) can support up to 5 servers / clusters.

From SMU 12.7, a virtual SMU can support up to 10 servers / clusters. To manage more than 2 entities* from a virtual SMU, the VM’s resources must be increased. One (1) GB memory and one virtual CPU is required per entity. An entity is defined as a single node or a cluster of nodes.

 

Licensing

New license keys are typically firmware-version specific. Upon upgrading firmware to this release, all previous licenses present on the system will remain in force.

Licensing as it pertains to node replacements

Clustered Node Replacement: Once the NAS cluster has been built, the Cluster MAC-ID will not change regardless which node in the cluster needs to be replaced, so there will not be any reason to request new license keys when replacing a node in a cluster.

Single Node Replacement: In a situation where a single node must be replaced, the original license keys will not be valid on the new node.  Please contact TBkeys to transfer the license keys to the replacement node and issue a new permanent license. You will need to supply TBKeys with the MAC-ID of the Original Node and the MAC-ID of the Replacement node.

To request upgrade keys

When ordering license keys for new, licensed features, note that:

·         New features with a sale price will be purchased by the customer per normal Hitachi Vantara channel policies and procedures.

·         Non-sale feature requests will be routed based on server branding until such time as the relicensing process has been fully integrated.

·         Hitachi Vantara Server Request Routing

o    The emailed request shall include the following information:

-         Customer Name

-         MAC-ID of the HNAS Unit (the MAC-ID format is XX-XX-XX-XX-XX-XX), the serial # is not needed or acceptable to issue new keys.

-         If you have not followed normal upgrade procedures, please indicate details of your current situation and indicate if a new full set of keys are required. Also, if your server is part of a cluster, please indicate if the MAC-ID is a "Primary" server of the cluster and how many units are in the cluster.

o    All permanent upgrade key requests will be handled by way of email sent to TBKeys@hitachivantara.com. Turnaround time on all requests is targeted within 24 hours. Standard working hours for this distribution list (dlist) are 8am to 5pm Pacific Standard Time. See below for emergency situations.

o    Should your need for upgrade keys be an emergency, please contact the Hitachi Vantara Support Centers, where Temporary Keys for these features can be provided.

o    An email to TBKeys@hitachivantara.com should also be sent to receive your permanent keys.

Fixes and enhancements in version 13.8.6320.10

Issue ID

Severity

Description

D144544

B

Update for CVE-2020-1472 "Netlogon Elevation of Privilege Vulnerability". Add support for secure RPC for NetLogon connections.

D145066

D

The default self-signed TLS/SSL certificate has been enhanced to support https://support.apple.com/en-us/HT210176. The certificate will need to be recreated.

Fixes and enhancements in version 13.8.6320.07

Issue ID

Severity

Description

D101962

B

Changes to the memory utilization of virus scanning/file filtering error logging to reduce the potential for heap fragmentation.

D144023

B

Prevent mis-administration of the Linux nbd-client by retrying commands that fail due to SOAP errors.

D143016

C

SMU pages updated to prevent a potential Cross Site Scripting (XSS) attack.

D143325

C

A rare stability problem affecting the power-on self test of VSP G400/600/800, VSP F400/600/800, VSP N series, has been addressed.

D143999

C

The dedupe process for object replication target filesystems has been updated, to reduce the possibility of it entering a state which prevented further deduplications from running and required a reboot to resolve.

D144260

C

Fixed an issue in HTTP communication between DM2CD and HCP (REST) that emerged with HCP versions 8.2+.

D144266

C

A problem rebooting after a USB reinstall has been corrected.

D144614

C

Event 1700 (Too many (...) slots are in use) from the AggCacheEntryObserver pool should no longer occur in normal operation.

D144162

D

The 'dedupe-replication-target-support' command has been added to allow cluster-wide disabling of dedupe on replication target filesystems, regardless of their individual configurations.

Fixes and enhancements in version 13.8.6320.0

Issue ID

Severity

Description

D76627

B

Fixes an issue where malformed name registration WINS requests would cause an instability.

D92699

B

Fixes a rare instability issue linked to snapshots and replication.

D62525

C

The stream name length limit of 255 UCS-2 code units is now enforced.

D141159

C

Made improvements to aid debugging in the event of a filesystem failure.

D142835

C

Failure to transmit jumbo frames over ICC will result in disabling the NVRAM mirroring on affected links.

D143251

C

Fixes an issue where NFSv3 clients were unable to mount a directory under an export of a replication target filesystem.

D143459

C

Corrected the determination of VSP cluster number associated with target port in very large configurations.

D141569

D

A minor change has been made to the inter-cluster interface blocks to reduce the likelihood of packets being dropped (and thus re-transmitted) under high load. The changes do not change the behaviour of the interface and only come into play on HM800 GEfN systems.

D142355

D

Made an improvement to the diagnostics bundle, by including hardware.data file.

D142379

D

An unfortunate interaction between umask-file-set and fs-dacl-mode's passthrough option is now better documented.

D142854

D

A new command 'cluster-icc-show' was added to help troubleshoot the issues with jumbo frames and other ICC connectivity issues

D143155

D

SMU updated with patches for these CentOS vulnerabilities:

kernel (CESA-2020:1524) - CVE-2017-1000371 - CVE-2019-17666

kernel (CESA-2020:2103) - CVE-2020-10711

telnet (CESA-2020:1335) - CVE-2020-10188

ipmitool (CESA-2020:1331) - CVE-2020-5208

D143157

D

Active Directory authentication to the SMU now supports the UPN form user@domain.

D143313

D

Active Directory authentication to the SMU GUI now accepts the form DOMAIN\username.

D143601

D

For diagnostic purposes, Active Directory-authenticated CLI access can now be configured to the SMU without TLS.

D143621

D

Prevent the NDMP password being written to SMU logs.

D142795

E

Errors from Bali CLI pipelines once again correctly identify the failing filter.

D142936

E

DM2CD now defaults to Bali's routing algorithm.

D142984

E

Non-ASCII Active Directory group names can now be used to control access to the SMU.

D143486

E

A missing Password entry in /usr/local/bin/ldap.conf.rb is once again diagnosed helpfully.


New, modified, and deleted CLI commands

See the NAS man pages for details on the new commands.

New commands

The following commands have been added. See the NAS man pages for details on these commands.

·         cluster-icc-show – This supervisor command displays cluster interconnect status.

·         dedupe-replication-target-support – This supervisor level command allows support for deduplication on replication target filesystems to be disabled/enabled.

Modified commands

The following commands have been modified. See the NAS man pages for details on these commands.

·         umask-file-set, umask-file-show – The man page now explicitly recommends the cifs-share file_umask setting in preference to umask-file-set.

Deleted commands

None


Copyrights and licenses

© 2020 Hitachi, Ltd. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including copying and recording, or stored in a database or retrieval system for commercial purposes without the express written permission of Hitachi, Ltd., or Hitachi Vantara LLC (collectively "Hitachi"). Licensee may make copies of the Materials provided that any such copy is (i) created as an essential step in utilization of the Software as licensed and is used in no other manner; or (ii) used for archival purposes. Licensee may not make any other copies of the Materials. "Materials" mean text, data, photographs, graphics, audio, video and documents.

Hitachi reserves the right to make changes to this Material at any time without notice and assumes no responsibility for its use. The Materials contain the most current information available at the time of publication.

Some of the features described in the Materials might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Vantara LLC at https://support.hitachivantara.com/en_us/contact-us.html.

Notice: Hitachi products and services can be ordered only under the terms and conditions of the applicable Hitachi agreements. The use of Hitachi products is governed by the terms of your agreements with Hitachi Vantara LLC.

By using this software, you agree that you are responsible for:

1)     Acquiring the relevant consents as may be required under local privacy laws or otherwise from authorized employees and other individuals; and

2)     Verifying that your data continues to be held, retrieved, deleted, or otherwise processed in accordance with relevant laws.

Notice on Export Controls. The technical data and technology inherent in this Document may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Reader agrees to comply strictly with all such regulations and acknowledges that Reader has the responsibility to obtain licenses to export, re-export, or import the Document and any Compliant Products.

Hitachi and Lumada are trademarks or registered trademarks of Hitachi, Ltd., in the United States and other countries.

AIX, AS/400e, DB2, Domino, DS6000, DS8000, Enterprise Storage Server, eServer, FICON, FlashCopy, GDPS, HyperSwap, IBM, Lotus, MVS, OS/390, PowerHA, PowerPC, RS/6000, S/390, System z9, System z10, Tivoli, z/OS, z9, z10, z13, z14, z/VM, and z/VSE are registered trademarks or trademarks of International Business Machines Corporation.

Active Directory, ActiveX, Bing, Excel, Hyper-V, Internet Explorer, the Internet Explorer logo, Microsoft, the Microsoft Corporate Logo, MS-DOS, Outlook, PowerPoint, SharePoint, Silverlight, SmartScreen, SQL Server, Visual Basic, Visual C++, Visual Studio, Windows, the Windows logo, Windows Azure, Windows PowerShell, Windows Server, the Windows start button, and Windows Vista are registered trademarks or trademarks of Microsoft Corporation. Microsoft product screen shots are reprinted with permission from Microsoft Corporation.

All other trademarks, service marks, and company names in this document or website are properties of their respective owners.

Copyright and license information for third-party and open source software used in Hitachi Vantara products can be found at https://www.hitachivantara.com/en-us/company/legal.html.  

 

  • Was this article helpful?