The latest code update for the Dell PowerStore (Dell’s Flagship Midrange Storage Array) adds a few cool new features that I think provide some additional value for people who are already using it. Most of the details were released at Dell World 2023 in Las Vegas. Several of the new features are focused around cyber security, so I want to take a moment to look at those features in particular.
Immutable Snapshots
I’m going to start with my favorite one. Truly immutable snapshots. Dell has long maintained that PowerStore snapshots were already immutable, such as in this article. If that were the case, what are they now? Super Extra Immutable? Many technologists, myself included, would define “Immutable” a bit differently than Dell or Merriam Webster. To me, immutability must include protection from insider threats and system breaches. This is what PowerStore lacked in the past, but now adds in version 3.5.
A snapshot provides a point in time copy of your data. The security challenge has always been “Well, what if someone logs into the system and deletes that snapshot?” That is the problem this new update solves. Once the new “secure snapshot” feature is configured, the snapshots cannot be deleted during the retention period, even by an admin. Should a bad actor gains full access to the PowerStore GUI, they will be unable to encrypt or remove the data on that PowerStore. This free feature is as easy as clicking a checkbox, check out the snapshot from the GUI below.
STIG Mode
The next feature I want to touch on is important for users in the federal space, but is totally irrelevant for everyone else. Security Technical Implementation Guides (STIGs) are cybersecurity configuration standards for IT products established by the US Department of Defense Information Network (DoDIN). The new feature is called STIG mode, and in a nutshell, it automatically configures some security features that are required for federal implementations. This includes stuff like:
- Periodic intrusion detections and alerts
- DoD login banner (See Below)
- User lockout policies
- Password complexity requirements and rules
- Disables the ability to add an appliance to the cluster
Do some of these features look good for your medium sized business? TOO BAD! STIG mode is for Federal Agencies only.
Recycle Bin
The return of the recycle bin! PowerStore 3.5 adds a recycle bin, where deleted volumes go to die. You can configure a retention period for how long volumes will stay in there after they are deleted. Only block devices (LUNs) go to the recycle bin. Filesystems will not go into the Recycle bin. I like to think that the Recycle Bin is a contribution from the best Dell storage system of all time: The Storage Center, which had a similar recycle bin for many years.
Multi-Factor Authentication
Powerstore now supports RSA SecurID for multi-factor authentication. It works for both console and API access, and allows you to use either LDAP integrated accounts or local account.
This feature was almost certainly added as part of the hardening for the federal government, but this feature will be usable for any customer who is using RSA SecurID. I could imagine this feature being useful for environments that are subject to PCI DSS 4.0, where any access to the cardholder data environment must now be challenged via MFA.
Unfortunately, RSA SecurID is the only MFA option available at this point. Its possible that other MFA providers may be added in the future.
There are a few other interesting new features in 3.5, including updates to how share permissions are managed, failsafe networking, and integration with PowerProtect DD appliances. They also increased many of the system limits, such as maximum filesystems per appliance and maximum mounted snapshots.
If you want to learn more about any of these features, check out this post from Dell: https://infohub.delltechnologies.com/p/what-s-new-in-powerstore-os-3-5/
Want to go a little deeper? Take a look at the release notes here.