While it may not quite feel like it in your area, this time of year is typically when people start to think about spring cleaning. While this activity, and having a clean environment is supposed to be therapeutic, many people don’t think about cleaning the things they can’t see – their digital life. Micro Focus actually has many tools to help you manage and simplify your IT and electronic resources. To those of you who know how we are organized internally, in this first part, let’s take a look at some things you can do to simplify and clean-up your File and Print resources.
The file system is definitely one of those things that is “out of sight, out of mind”. In many cases the file system has existed for years and even decades. The servers that host it have been upgraded both from a hardware and software perspective but in many cases the data has simply been brought forward without any regard for what it is and who is using it. Fortunately, we have several tools available to help you with this.
File Reporter is basically an inventory of your data. It can tell you when the file was created, who owns it, and when was it last modified or accessed. This can tell you not only how relevant this file is to your business, in terms of when was the last time it was used, but also does the owner of the file even still work here? This might not seem that important but in some organizations, they have a disposition policy that a document be archived or removed after a period of time after the person has left the organization. You might think that it’s not a big deal to have unused documents around but there are several reasons why you might want to rethink that:
- Back-ups – if no one is accessing these files, why repeatedly back them up?
- High-availability – again, if no one is accessing these documents, should you invest in high-availability and fast SSD storage for these files?
- Security – these documents may contain sensitive information and if no one needs these files, why keep them around for either internal or external hackers to find. Furthermore, if no one is accessing them but you do need to keep them for regulatory reasons, why not move them off-line or at least limit access to them in case of something like a ransomware attack?
In addition to this type of file status meta-data File Reporter can also provide security information on a file. Since many of these files may have existed for some time, chances are that the security policies may have changed over that time period as well or, the people managing the security of the data has changed over time and their methodology for doing so might have changed as well. File Reporter also collects security information on the files and is able to produce reports show “who has access to which files and folders”, “how did they get access to the files or folders” and on the flip side, “what does this individual have rights to”. Ensuring the right people have access to the right files and folders can not only provide you with peace of mind but in some areas, it could also be a requirement to prove that no one else has or can access this type of data.
File Reporter supports both your OES and Windows environment and, for those of you who perhaps already own it, unless you bought File Management Suite for OES, you actually have a license to use it for both environments provided it is the same users who access both worlds.
If you don’t have File Reporter, or don’t need all of it’s capabilities, on a more basic level, each OES server can also produce more limited reports as to the content of the data they hold. This can be accomplished though (Novell) Remote Manage (also know as NoRM). Using the available Inventory Reports you can see things like when files were created, last modified or accessed, types of files, etc. The reports are certainly not as rich and capable as File Reporter but this could get you started in understanding your file system and put you on a path to cleaning it up and getting it under control.
Now that you understand the problem and the extent of it, you can begin to get it under control. Like before, we have several means to do so.
First let’s talk about a feature in OES called Dynamic Storage Technology or DST. DST lets you tier your data. As an administrator you define a secondary storage location and proceed to set a policy (in Remote Manager – see above) for what you want to clean up. The policy could be files that haven’t been accessed in the last 6 months, MP3 or MP4 files, files greater than 20 megs, etc. and then, per your policy, all the files will get migrated to the secondary storage location. From an administrative perspective you’ve managed to extract the old and unwanted/unneeded files and move them to a secondary storage location. The storage location for these less desirable files could be slower and cheaper, iSCSI or SATA based storage since these files are typically not accessed as often. Additionally, you now have two storage locations to backup instead of one. The more used and active files area is now significantly smaller and can easily be backed up daily. The older files can be backed up weekly or maybe even monthly since they do no change. To the end user this segmentation is totally transparent. They still see the files just as they always have, in the one storage location. They see a merged view of these two storage areas. If for some reason someone were to access one of these older files, DST will automatically move the file back into the primary storage location for inclusion into the daily back-up routines. From customers who have implemented DST, the primary storage, or active files, typically only represent about 10% of the data on their OES servers. DST can also be used if you are cleaning up and retiring older storage hardware in your environment. By creating a connection to both SANs, DST can be run in reverse and pull active data from your old SAN onto your new SAN. You can either incrementally adjust your policy to eventually move all the data forward or simply move forward as much as you want to keep and then dispose of the older hardware when you have what you want/need.
In OES 2018 we introduced the evolution of DST with Cloud Integrated Storage services (CIS). CIS works somewhat similar to DST though instead of migrating data to local storage, it can migrate the data into the “cloud”. The “cloud” can be any S3 compatible storage solution – either something public like Amazon or some other private cloud solution including our own SUSE Storage.
In addition to OES, we also have a solution called Storage Manager. Storage Manage, like File Reporter, can work on both OES and Windows file systems provided you have the correct licenses. Storage Manage automates the file system taking care of repetitive tasks or tasks that would otherwise be impossible or difficult to complete. Some of the things Storage Manager can do for you include:
- Automatically provision new users and more importantly, set quotas to ensure they can’t fill up the file system with files that are never looked at again and therefore not needed.
- Manage shared directories to ensure the rights/security permissions are applied consistently, and more importantly revoked when access to these directories is no longer needed.
- Reclaim storage when a user leaves the organization. Storage Manage can detect when a user leaves and can delete or archive the personal data of that user.
- Groom your file system removing or archiving certain file types per your policies. IE delete *.tmp, *.mp3, etc files and move files that are older than a given time period to another volume. In this case, unlike DST, the secondary storage location for these files is not a merged view but rather another drive letter or share that would need to be accessed by the user. Again, this may not be a bad thing from the perspective security and reducing possible exposure to hacker or ransomware threats.
As you’re considering cleaning up your file and print infrastructure, here are a couple of other things to include:
- Printing – in this case literally cleaning up your printing. Many people print documents and either forget to pick them up or decide later that they didn’t in fact need to print them. iPrint (Appliance) and iPrint for OES (which is the free add-on to OES and adds the iPrint Appliance features back into OES) users have a feature called Walk-up Printing. This directs print jobs to a virtual print queue where they are held until the user releases the print job to the desired printer. If the user forgets, the print job is automatically purged after a period of time. If the user decides they no longer need the document printed, they can simply delete the print job or let it expire naturally. Either way, the possibility of the document ending up in the trash or the recycling bin is averted.
- OES is licensed by user who has access to and is receiving benefit of the OES software. If you have users who have left the organization and no longer need access, remove them from eDirectory and reclaim your licenses. OES does have a concept of “Inactive Users” whereby you are not charged for users who have not logged in within the last 120 days but why wait? There is a possibility of a true-up happening within that time frame and these older, unused accounts getting hacked in some way because there is no longer anyone there to reset the password on a periodic basis to ensure social media information or previously acquired passwords can’t be used to access your system. If you have enabled NSS for AD, it is the combination of the OES eDirectory users and the AD users who now have access to the OES server now that it is a member of the AD Domain, less any duplicate users between the two environments. In order to limit the number of AD users who have access to the OES resources, be sure to use the OESAccessGrp in AD to limit the number of AD users who have access to OES .
- There are other implications to cleaning up unused accounts as well. Storage Manager and File Reporter are licensed by user IDs who benefit from the software. If Storage Manager is still managing home folders or collaborative storage for these inactive users, they technically still require a license. Similarly, if they still have rights to the file system and File Reporter is reporting on these rights, they technically still require a File Reporter license.
- Filr and iPrint are also licensed by user and also do not have the concept of “Inactive User”. If you don’t want to enable all of your users to access these, be sure to limit the number of users you import into the system. This TID written for Filr will help and is also applicable to iPrint – https://www.novell.com/support/kb/doc.php?id=7012397
As you can see, there is a lot here – so much so that you should perhaps consider making this an ongoing effort rather than waiting till “spring cleaning” to take care of this. The benefits are not only peace of mind but also security, which can help guard against hackers and malware, as well as compliance with product EULAs. Also, as you may have noticed, this just covers a portion of our product portfolio and not some of the other solutions we provide. I’ll be covering some of those in an upcoming article – watch for those in the near future. For now, this can get you started in your clean-up efforts.