suggested improvements

Some suggestions for improvements:


user authentication:

consider using cookies instead of repeatedly sending userid/pw. This will help by: 
1.) save the mgmt2 process(process that does rest api responses) some processing time by not having to check internal authentican db since the cookie was already authenticated.
2.) Help when using an AD/ldap login as using cookies will improve performance by not having to go back to ad systems and authenticate over and over.
3.) And it will not log authentication successful events repeatedly. 

To start a new session, log into InfiniBox using: POST /api/rest/users/login {"username": "jabba", "password": "the hut", "clientid": "optional client identifier"}. Upon a successful login the client receives a cookie {"Set-Cookie", "JSESSIONID=6977862313998501146;Version=1;Path=/״} The jsessionid will be used for all requests going forward. If/when it expires a response code of authentication_required will be returned and need to go though and obtain a new token.

Example using Curl:
curl -k -v -H "Content-Type: application/json" -d '{"username":"admin", "password":"123456"}'  https://ibox******/api/rest/users/login
....................
< HTTP/1.1 200 OK
< Date: Sat, 04 Apr 2020 03:15:26 GMT
< Server: Apache
< Set-Cookie: JSESSIONID=D4B648CA5B7C39C6512B9188315B746A; Path=/; Secure
....................
* Connection #0 to host ibox**** left intact
{"result":{"roles":["ADMIN"],"name":"admin","user_objects":[{"type":"Local","id":-2,"role":"ADMIN","name":"admin","type":"Local","email":"********","password_digest_version":1,"enabled":true,"is_digest_sufficient":true,"roles":["ADMIN"]}]},"

Now I can call any api by passing the jsessionid value as a cookie instead of having to go though the full authentication process.

 curl -b 'JSESSIONID=D4B648CA5B7C39C6512B9188315B746A' -k  https://ibox*****/api/rest/system
{"error":null,"metadata":{"ready":true},"result":{"capacity":{"dynamic_spare_drive_cost":0,"free_physical_space":34678269542400,"free_virtual_space":535089500651520,"total_allocated_physical_space":297497560350720,"total_physical_capacity":333034824400896,"total_spare_bytes":24004617043968,"total_spare_partitions":1584,"total_virtual_capacity":832587061002240,"used_dynamic_spare_bytes":0,"used_dynamic_spare_partitions":0,"used_spare_bytes":0,"used_spare_partitions":0},"deployment_id":"82960a56-3f89-4fc2-8693-6e64d8c4d7b1","entity_counts":{"clusters":1,"consistency_groups":2,"filesystem_snapshots":1,"filesystems":5,"hosts":11,"mapped_volumes":16,"pools":8,"replicas":4,"snapshot_groups":1,"volume_snapshots":79,"volumes":33},"full_model":"","health_state":{"active_cache_ssd_devices":15,"active_drives":120,"active_encrypted_cache_ssd_devices":0,"active_encrypted_drives":0,"bbu_aggregate_charge_percent":300,"bbu_charge_level":{"bbu-1":100,"bbu-2":100,"bbu-3":100},"bbu_protected_nodes":3,"enclosure_failure_safe_distribution":true,"encryption_enabled":false,"failed_drives":0,"inactive_nodes":0,"missing_drives":0,"node_bbu_protection":{"node-1":"protected","node-2":"protected","node-3":"protected"},"phasing_out_drives":0,"raid_groups_pending_rebuild_1":0,"raid_groups_pending_rebuild_2":0,"ready_drives":0,"rebuild_1_inprogress":false,"rebuild_2_inprogress":false,"testing_drives":0,"unknown_drives":0},"install_timestamp":1580286259000,"localtime":{"utc_time":1585970132833},"model":"F2230","name":"ibox******","operational_state":{"description":"System is active","init_state":null,"mode":"NORMAL","read_only_system":false,"state":"ACTIVE"},"product_id":"INFINIBOX","release":{"gui":{"build_mode":null,"revision":"460ebd9f6dc1cce1a2ee3c9112d195c6738a3813","version":"v5.0.11.10"},"infinishell":{"build_mode":null,"revision":"cbe914c419325d9b218f4b851d592322f11d6f92","version":"v5.0.11.10"},"system":{"build_mode":"production","revision":"4b2debc37331cb22430e97260e8adc4547d9948e","version":"5.0.11.10"}},"security":{"encryption_enabled":false,"fips_best_practice":{"certificate_strength":2048,"is_certificate_strength_sufficient":true,"is_http_redirection":false,"is_ldap_connections_secured":true,"is_local_users_disabled":false,"local_users_password_hash":"SHA256","num_users_password_hash_not_secured":0},"system_security_state":"STANDARD"},"serial_number":*******,"system_power_consumption":3120.0,"upgrade_timestamp":1585865866000,"uptime":4110841973,"version":"5.0.11.10","wwnn":"*****"}}



performance metrics

1.) consider collecting scsi errors from fc ports. Scsi errors can be collected from any block device(vol, host,etc) but doesn't apply to NAS or RMR. Errors per volume are not very interesting IMHO, and if trying to collect by host this data is only helpful if the errors are separated by host initiator.

2.) consider collecting host iops per initiator. Since the array is an active/active/active its useful to ensure hosts are able to push io evenly across all initiator ports

3.) consider collecting scsi_busy per host. scsi_busy is how an array tells a host to slow down for a short time to not overload it. Fairness mechinism in Infinibox will slow down only the top initiators.

4.) consider collecting internal and external latency. Internal latency is the time it took the array to process the data internally. External latency is internal latency + host side latency or round trip latency. Collecting this data by reads vs writes is very useful since usually speaking writes are faster then reads in the Infinibox. It would be ideal to collect the data for both hosts and volumes. Have this data allows the user to see if there is a fabric issue or a io performance issue.

5.) consider collecting QoS by volume collection. resource_unit and qos_status by volume will help users understand the affects of qos in their environment.

6.) consider collecting nas metrics. This is a general request since the InfiniBox support both block and file storage.

7.) consider collecting replication performance data. Take into consideration that today the RMR filter is for async replication. Sync and Active/Active does not yet have counters like async.

8.) consider collecting sections_read_cache/ssd/disk. This is only read io, writes always go to dram in the infinibox, and it's usually best presented as percentage(100 iops, 60% cache, 20% ssd, 20% disk). Ideally collected for system, per host, and per volume.


Questions:

1.) in data_rate-subsystem there are three fields being graphed. What is SAS? InfiniBox does not have SAS ports at this time.

Comments

  • Hi Jeff,

    thanks for hints and advices!
    we will definitelly follow user authentification advices.

    regarding performance stuff.
    It is definitelly useful, however most of that is behind of our monitoring targed, we do not monitor such metrics generally even for other storages. The tool is intended as a front-end tool which can simply and quickly identify load abnormality and locate problems at the infrastructure level. Most of what you suggested sounds like a task for tools which are able to do deep performance analysis (area for storage vendor tools which collect everything possible, vendor support etc). It is something we do not want to compete.
    However we might implement something from it if that is really important and helpful from perf point of view. Can you have a look and either let us know what is extremly helpful or sort your list per helfulness?

    NAS and replication stuff  is something we usually do, however we have no access to Infiniboxes using such technologies what prevents us in implementation.

    we will exclude SAS item, it has not data anyway.

    Thanks!
    Pavel




  • Hi Jeff,

    our dev team just confirmed that the tool uses cokie based authentification It has been always used.
Sign In or Register to comment.