Welcome back! If you’re here, that means I’ve at least somewhat captured your imagination about what the latest Nutanix Files platform can do today and might be able to do in the future, specifically around analytics. As mentioned in Part I, Part II of this three-part series reviews additional Files features such as Data Age, Users and Permissions.
If I were a betting man, I’d wager that most data in the typical corporate environment is old and cold. This makes Data Age one of the more interesting information points in the analytics section of Files version 3.5. Lucky for me, I was able to find a fairly nice distribution of data to mess around with.
In its current form, Files’ Data Age pie graph doesn’t tell you where within the shares/folder structure the data reside. But Nutanix knows — they’ve crawled the file system, folders and files to get this information. Now it’s just a matter of being able to display the location of these files to help you manually clean things up if you so choose. I say “manually” as I don’t see Nutanix ever having native functionality that will automatically delete data. It’s a risky business that would have a lot of potential legal implications.
As you can see from the image above, almost 70 percent of my data was created more than six months ago, with nearly 50 percent being more than 12 months old! Wouldn’t it be nice to use this information to tier-off older data to cheaper storage? Say, maybe some sort of S3 storage? Before you say, “But what about…?” Hold that thought. Hopefully I address it below.
Next, let’s look at the “Top 5 Accessed Files” bar graph toward the bottom of the analytics page. You might be thinking “top five files… great, that doesn’t help very much.” And you’d be right. Seeing the top five files out of tens of thousands or millions can be pretty meaningless. The good news is that clicking on the “more” button expands the view to the top 50 files.
I see this view as potentially useful to an administrator familiar enough with environment trends to spot anomalies in access frequency. (More on such anomalies later.)
The screenshot above shows you can see where the file resides within the share. The power of this is that clicking on the file name brings up a full audit trail.
Part III in this blog series will cover the Audit Trails feature in more detail.
Combining Age and Access
While individual Data Age and File Access data points may not mean much to some, it’s interesting to think outside the box about what Nutanix could do with this information. For instance, combining Data Age and a potential S3 archival capability with Access Frequency could help automate auto-archiving and avoid end-user performance issues. For example:
- If Data Age > 12 months and If Access Frequency > ## in last ## Days
- Don’t Archive off
- Else Archive
- If <file> = archived and access > ##
- Bring back on-prem
Is it that simple? Probably not. But I have to imagine this is something Nutanix is working on or has at least thought about implementing in some manner. Other OEMs are moving in this direction, and this particular combination has been an ask from customers. The good news is much smarter people than me are likely working on this issue and figuring out how to make it as seamless as possible to end users.
Top Active Users and Permission Denials
The Active Users and Permission Denials graphs in Files can be extremely powerful, especially at a glance. As you can see from the screenshots below, it’s pretty clear that user “mercierj” is incredibly active on the file share compared to user “jonesm.”
Is this activity normal? Is the user trying to access something he shouldn’t? Is there something wrong with the user? The information found in the Active Users and Permission Denials views can get us closer to answering those questions.
While these graphs alone don’t tell us much, we can still glean several useful pieces of information: that user “mercierj” did something with 16.7k “files” (or what we should assume to be files); that he is the top user; and that he was denied access 113 times.
The 16.7k “something” is what an administrator wants to learn more about. Clicking the username brings up the Audit Details for that specific user.
Let’s take a look at the Audit Details feature of Files below.
Reviewing the user’s Audit Details can tell an admin the following:
- The user created a lot of files. The admin may want to reach out and ask if this was intended.
- The user changed permissions on over 7,000 files. Is that normal? The admin should reach out and learn the purpose behind this activity.
- The user deleted a bunch of files. Was it by accident? (FYI, Files has Snapshot and Self-service Restore functionalities to retrieve deleted files that are not addressed in this blog series.)
- Why is the user trying to access files he doesn’t have permission to? Is his workstation infected?
- The admin can tell where the access is coming from with the “User IP Address” column. Maybe the admin quarantines that IP and takes it off the network until he figures out the reason behind the activity. Or if the admin is brave enough, he can even disable the user in AD until the issues are resolved.
In the Audit Trails view, an administrator can get very specific with timeframes for user actions. As you’ve seen with other Files’ graphs, these timeframes can be rigid. However, I fully expect Nutanix to bring more flexibility to its graphs as the platform matures.
Because Audit Trails is one of my favorite sections of Files analytics, it will receive a more in-depth review in Part III of this series. Part III will also address Anomalies and Pricing Structure.
As a quick reminder, we have this capability published in the WWT ATC Portal. You can also access our latest hyper-converged labs that feature many Nutanix solutions. Just reach out to your account manager or connect with us online.