QuTS hero h6.0 Series | Notes d'information

QuTS hero h6.0.0 introduces important new features to maximize service availability, enhance data security, and improve management efficiency for your QNAP NAS devices. You can now set up a high-availability environment with two QNAP NAS devices to ensure continuous business operations in case of hardware failures. You can also make your snapshots immutable and configure KMIP service for encryption key management. With enhanced authentication methods, your account and device even more secure. 

We also include fixes for reported issues and provide information about known issues. For details, see Fixed and Known Issues. You should also see Important Notes before updating QuTS hero. 

With the new application High Availability Manager, you can now create a high-availability (HA) environment for your system to enable continuous service in the event of hardware failures. The application allows you to create an HA cluster with two NAS devices, where the active node manages all data operations and services, while the passive node is a backup device that continuously synchronizes data and service settings from the active node. If the active node fails, the passive node will automatically take over to continue providing those services, ensuring uninterrupted business operations. You can also configure automatic failback, allowing the system to automatically transfer the active role back to the original active node when it recovers. 

You can now make your snapshots immutable for extra protection against accidental modifications or malicious tampering such as ransomware attacks. When taking or editing a snapshot, or creating a local snapshot schedule, you can select a protection policy that prohibits automatic deletion by the system and/or manual deletion by a user. You can also specify the expiration time for the prohibition. 

Note: Immutable snapshots are not currently supported in a high-availability cluster. 

You can now enable KMIP (Key Management Interoperability Protocol) service to efficiently manage your encryption keys. By configuring a KMIP client and connecting it to a remote key server of your choice, you can store and access encryption keys in a single secure location. This allows you to streamline and centralize key management for various NAS features, such as encrypted shared folders and encrypted LUNs. 

To configure KMIP service, you must first install KMIP Client in App Center, and then go to Control Panel > System > Security > KMIP. 

QuTS hero now supports FIDO2 (Fast Identity Online 2), which is an authentication standard that strengthens account security and provides a smoother login experience. With FIDO2, you can log in to the NAS with more secure methods such as Windows Hello, Touch ID, and hardware authentication devices such as YubiKey. This replaces conventional passwords with phishing-resistant cryptographic keys stored on trusted devices. Since you authenticate with a physical key or built-in biometrics, common password attacks become ineffective. FIDO2 also simplifies NAS login. You no longer need to remember complex passwords. 

To use FIDO2 authentication, install FIDO2 Server in the App Center and then configure security settings in Desktop > Task Bar > Login and Security > Passwordless Login. 

To streamline your login experience, you can now log in to the NAS with your QNAP ID. To do so, you can link your QNAP ID to a local or domain account for a NAS device. For better account security, you should enable 2-step verification for your QNAP ID before linking with a NAS account.  

To enable login with QNAP ID, go to Control Panel > System > Security > Login & Password. Then you can link your QNAP ID to a NAS account in Desktop > Task Bar > Login and Security > Advanced Settings. 

iSCSI & Fibre Channel now supports N_Port ID Virtualization (NPIV), a Fibre Channel (FC) technology that allows multiple World Wide Names (WWNs) to share a single physical port. This enables multiple virtual machines or applications to connect to a storage area network (SAN) independently through the same physical host port, improving scalability, resource utilization, and simplifying SAN management. NPIV also enables FC services in high-availability (HA) environments. 

To enable NPIV service, go to iSCSI & Fibre Channel > Protocol Settings > Fibre Channel Service. 

Storage Manager now supports the creation of Qtier storage pools to improve storage efficiency and enhance read/write performance. Each pool can include two to three tiers, with faster tiers for frequently accessed data and slower tiers for less frequently accessed data. Users can configure a retention period before tiering begins and also assign a target tier to each shared folder or LUN within the pool, allowing for precise control over when and where data is stored. 

To create a tiered storage pool, go to Storage Manager > Storage Space > Create > New Qtier Storage Pool. 

Malware Remover now introduces Ransomware Guard, a feature that strengthens system security by detecting and controlling suspicious programs. Ransomware Guard monitors unusual behaviors such as unauthorized file encryption, file renaming, and excessive read/write activity, and can automatically restrict programs that match known malware signatures. This release is supported on Malware Remover 7.0 and is supported on systems running Linux kernel 5.10 or later. 

To enable Ransomware Guard, go to Malware Remover > Ransomware Guard. 

Ransomware Guard is not included in QuTS hero h6.0.0 public beta, but it will be included in the next releases. 

QuTS hero now supports upgrading ACL (Access Control List) to 2.0 to enhance ACL performance. This upgrade significantly improves the performance of checking or configuring permission settings for a large number of files and folders. In addition, it also increases the limit of configurable ACL entries, thus further enhancing permission management flexibility for larger organizations.  

You can choose to continue using the legacy ACL settings or upgrading to ACL 2.0. Note that this upgrade is permanent and cannot be reversed.