Before you can roll up your sleeves and start using BlueXP from NetApp you need to set up a Cloud Connector. These are small virtual machines which run a myriad of containers to facilitate all the various bits and bobs that provide a connectivity foundation for the BlueXP feature set. Ideally, well, ideally if you’re using resources in one of the large hyperscalers (AWS, Azure, GCP) you want to deploy a connector there. That gives you the ability to use the Cloud Connector as, basically, a API and command pass through. Essentially allowing BlueXP to talk directly to the hyperscaler[…]
Read moreLatest Posts
NetApp ONTAP – Setting up Multi-Admin Verification via CLI and System Manager
Okay, so maybe hiring that guy who looks like Snidely Whiplash was a poor choice. Starting with ONTAP 9.11.1 you can enable further secure ONTAP by setting up multi-admin verification, or MAV for short. MAV can prevent system administrators from taking certain data disruptive actions without getting approval from at least one other administrator. How it Works MAV works by creating a rule set of commands or GUI operations that require multiple users to approve before it can be executed. Alongside are administrator groups which can provide authentication for those actions. When an action is triggered that’s a part of[…]
Read moreNetApp ONTAP – Whitelist and Blacklist Extensions with FPolicy via CLI, API, and System Manager
Within NetApp’s ONTAP software there’s the ability to monitor NAS actions via functionality called FPolicy. It’s essentially a notification framework that’s built around the logging and notification of actions against SMB/CIFS and NFS shares. The real power of FPolicy comes to light when you partner it with an off-system engine like Varonis or Cloud Secure, opening the door to all kinds of smart security controls. Native on-system FPolicy functionality is comparatively limited. While the framework is active and feeds info back into the other areas like logging, it lacks the majority of feature rich components an off-system partner provides. One[…]
Read moreAWS and VMware Cloud go live with FSx NetApp ONTAP datastores – An introduction and guide
Recently, at VMworld Explore, VMware and AWS announced general availability of the much-anticipated integration of AWS’ FSx NetApp ONTAP NFS shares for use in their VMware Cloud virtualization stack. This article will cover the benefits and considerations so you can see whether it fits with your cloud journey. I tried to create a title for this post that wasn’t incredibly long, without using a metric ton of acronyms. Forewarning this post is going to be acronym heavy, even more so as usual, since we’re combining technical concepts across three acronym pushing tech companies. TL;DR VMware’s stack in AWS, VMC, now[…]
Read moreNetApp Cloud Volumes ONTAP – Understanding Offerings, Licensing, Pricing, and More
The sky above the port was the color of television, tuned to a dead channel. “All these different licensing tiers are confusing,” Judsonian heard someone say, as he shouldered his way through the crowd around the door of NetApp. “It’s like someone took a simple concept and set the difficulty to 11.” It was a Cloud voice and a Cloud joke. Simply put, NetApp’s Cloud Volumes ONTAP (CVO) is a simple great product. The licensing around it, well, that’s a lot more cumbersome. CVO – What is it? How is it licensed? CVO is NetApp’s ONTAP software running in AWS,[…]
Read moreDeploying Azure NetApp Files – A Quick Guide
I wanted to write a quick guide on Azure NetApp Files in Microsoft Azure, with info on how the service works and how to deploy it. I say quick but ended up adding more technical details than one might say is required – that’s just he engineer in me. I hope you find this helpful and relatively straight forward. Azure NetApp Files – What Is It? Azure NetApp Files (ANF) is an Azure native deployment of NetApp’s ONTAP platform in their cloud environment. ANF is simply high performance file shares using NFSv3, NFSv4.1, SMB, or a combination. As part of[…]
Read moreNetApp Cloud Insights – ONTAP EMS Alerting & Dashboard Widgets
Back in December 2021, NetApp’s Cloud Insights (CI) added support for ONTAP’s Event Management System (EMS) alerts. I don’t know how many possible EMS alerts there are but the event catalog is only a meager 2229 pages long. From what I understand the CI team worked with the ONTAP engineering team to highlight the 75-100 or so alerts are really impactful on a day-to-day basis. For this article I just wanted to quickly highlight how to check the EMS logs and show how to create simple dashboard widgets to display them. Log Explorer Now under Queries you can create and[…]
Read moreNetApp StorageGRID – Understanding Erasure Coding and Information Lifecycle Management
Erasure Coding (EC) and Information Lifecycle Management (ILM) aren’t unique to StorageGRID. They’re ubiquitous to the object storage landscape, underpinning concepts like RAID and compression. Yet if you’re unfamiliar with the architecture these concepts might be confusing at first glance. The hope with this post is to cover these concepts, not only in direct relation to StorageGRID, but in a way that can apply globally. A Quick Intro to Object Storage Objects are a data storage methodology going back several decades. The general idea is instead of creating and maintaining a hierarchical file system the file/chunk of data/block is packaged[…]
Read moreIntro to Autonomous Ransomware Detection and Mitigation in ONTAP 9.10.1 and Later
With the release of ONTAP 9.10.1 comes a new feature built into ONTAP, anti-ransomware detection. What it Does One of the concerns of a ransomware attack is the lack of visibility, which directly impacts response time. If ransomware kicks off overnight, or over the weekend it could be hour or days before anyone knows what happens. For archive environments it could be even longer with disastrous consequences. Anti-ransomware detection in ONTAP is built on file system analytics and uses “machine learning” to detect possible ransomware attacks on NAS. The first thing it’s looking for is whether the incoming data is[…]
Read moreNetApp ONTAP – Protecting Against Ransomware
First off, this post is thanks to my mate Charles. He wrote most of this up for his customers and I asked if I could snag it, throw my spin on it, and share it here. A lot of this comes from TR-4569, Security Hardening for ONTAP. That should be your go-to source for security on ONTAP. There’s also TR-4572, The NetApp Solution for Ransomware, which is sadly light on details and out of date. There’s also a pretty nifty video from Insight 2020 that covers a lot (I’ll even reference it later). This post is more ransomware concern forward.[…]
Read more