Top 3 operational differences in EMC Isilon OneFS 7.1.1

As EMC Isilon OneFS 6.5 and OneFS 7.0 reach their end-of-service life (EOSL) this year, many EMC Isilon customers will be upgrading to OneFS 7.1.1. If you plan to upgrade to OneFS 7.1.1, there are several new features, enhancements, and operational changes that may affect your day-to-day administration tasks. We want you to be aware of some the differences that impact upgrade planning, because they may require pre-upgrade tasks. You can find detailed information in the OneFS 7.1.1 Behavioral and Operational Differences and New Features document on the Isilon Community and OneFS 7.1.1 release notes on the EMC Online Support site.

Meanwhile, here are the top three changes for you to prepare for:

  • Access zones: directory configuration and NFS access
  • SmartPools®: node pool configuration
  • Role-based access controls

Access zones

In OneFS 6.5, access to cluster resources was controlled by authentication providers such as SMB, NFS, and SSH. Beginning in OneFS 7.0, user access to the cluster is controlled through access zones. With access zones, you can partition the cluster configuration into self-contained units, and configure a subset of parameters as a virtual cluster with its own set of authentication providers, user mapping rules, and SMB shares. The built-in access zone is the System zone, which, by default provides the same behavior as OneFS 6.5. You can connect to access zones using all available authentication providers, NFS exports, and SMB shares.

In OneFS 7.1.1, however, you cannot configure NFS exports in multiple access zones. NFS access is restricted to the System zone only. (In OneFS 7.2, NFS is zone-aware for access to multiple access zones.)

Also, access zones require a unique top-level root directory in OneFS 7.1.1. The root directories, or base paths, for multiple access zones in OneFS 7.1.1 cannot overlap with each other.

An important note!

If you currently use multiple access zones in your OneFS 7.0 or OneFS 7.1 cluster, you must check your access zone configuration for overlapping directories. If base paths overlap before you upgrade to OneFS 7.1.1, all previously created access zones will be assigned a base path of /ifs. Refer to OneFS 7.1.1 and Later: Best Practices for Upgrading Clusters Configured with Access Zones before upgrading to prevent a scenario where directories are assigned a new base path to accommodate access zones in OneFS 7.1.1.


In OneFS 6.5, a group of nodes is called a disk pool. Different types of drives could be assigned to a disk pool. There are several changes in SmartPools since 7.0. Beginning in OneFS 7.0, a group of nodes is called a node pool, and a group of disks in a node pool is called a disk pool. Also beginning in OneFS 7.0, nodes are automatically assigned to node pools in the cluster based on the node type. This is called autoprovisioning. Node pools can only include drives of the same equivalence class (review the equivalence class of nodes in the Isilon Supportability & Compatibility Guide). However, you can include multiple node pools into a higher level grouping called tiers. Finally, in the web administration interface of OneFS 7.1.1, SmartPools is located as a tab within Storage Pools.

Disk pools can no longer be viewed or targeted directly through the OneFS 7.1.1 web administration interface or the command-line interface. Instead, the smallest unit of storage that can be administered in OneFS 7.0 is a node pool. Disk pools are managed exclusively by the system through autoprovisioning.

An important note!

If you are running OneFS 6.5 or OneFS 6.5.5 and have node pools of mixed node types, you must configure disk pools into supported OneFS 7.0 and later node pool configurations well in advance of upgrading to OneFS 7.1.1. Supported node pool configurations must contain nodes of the same type, according to their node equivalence class.

Role-based access control (RBAC)

In OneFS 6.5, you can grant web and SSH login and configuration access to non-root users by adding them to the administrator group. In OneFS 7.0 and later, the admin group is replaced with the administrator role using role-based access control (RBAC). RBAC enables you to create and configure additional roles. A role is a collection of OneFS privileges that are granted to members of that role as they log in to the cluster. Only root and admin user accounts can perform administrative tasks and add members to roles. OneFS comes pre-loaded with built-in roles for security, auditing, and system administration, and you can create custom roles with their own sets of privileges.

For information about role-based access, including a description of roles and privileges, see Isilon OneFS 7.0: Role-Based Access Control.

An important note!

For OneFS 6.5 and OneFS 6.5.5 users upgrading to OneFS 7.1.1, make sure you add existing administrators to an administrator role.

For more information about OneFS 7.1.1

Visit these links for more information about:

Start a conversation about Isilon content

Have a question or feedback about Isilon content? Visit the online EMC Isilon Community to start a discussion. If you have questions or feedback about this blog, or comments about the video specifically, contact us at To provide documentation feedback or request new content, contact


About the Author: Kirsten Gantenbein