Okay, so maybe hiring that guy who looks like Snidely Whiplash was a poor choice. Starting with ONTAP 9.11.1 you can enable further secure ONTAP by setting up multi-admin verification, or MAV for short. MAV can prevent system administrators from taking certain data disruptive actions without getting approval from at least one other administrator. How it Works MAV works by creating a rule set of commands or GUI operations that require multiple users to approve before it can be executed. Alongside are administrator groups which can provide authentication for those actions. When an action is triggered that’s a part of[…]
Read moreCategory: Storage
NetApp ONTAP – Whitelist and Blacklist Extensions with FPolicy via CLI, API, and System Manager
Within NetApp’s ONTAP software there’s the ability to monitor NAS actions via functionality called FPolicy. It’s essentially a notification framework that’s built around the logging and notification of actions against SMB/CIFS and NFS shares. The real power of FPolicy comes to light when you partner it with an off-system engine like Varonis or Cloud Secure, opening the door to all kinds of smart security controls. Native on-system FPolicy functionality is comparatively limited. While the framework is active and feeds info back into the other areas like logging, it lacks the majority of feature rich components an off-system partner provides. One[…]
Read moreAWS and VMware Cloud go live with FSx NetApp ONTAP datastores – An introduction and guide
Recently, at VMworld Explore, VMware and AWS announced general availability of the much-anticipated integration of AWS’ FSx NetApp ONTAP NFS shares for use in their VMware Cloud virtualization stack. This article will cover the benefits and considerations so you can see whether it fits with your cloud journey. I tried to create a title for this post that wasn’t incredibly long, without using a metric ton of acronyms. Forewarning this post is going to be acronym heavy, even more so as usual, since we’re combining technical concepts across three acronym pushing tech companies. TL;DR VMware’s stack in AWS, VMC, now[…]
Read moreNetApp Cloud Volumes ONTAP – Understanding Offerings, Licensing, Pricing, and More
The sky above the port was the color of television, tuned to a dead channel. “All these different licensing tiers are confusing,” Judsonian heard someone say, as he shouldered his way through the crowd around the door of NetApp. “It’s like someone took a simple concept and set the difficulty to 11.” It was a Cloud voice and a Cloud joke. Simply put, NetApp’s Cloud Volumes ONTAP (CVO) is a simple great product. The licensing around it, well, that’s a lot more cumbersome. CVO – What is it? How is it licensed? CVO is NetApp’s ONTAP software running in AWS,[…]
Read moreNetApp StorageGRID – Understanding Erasure Coding and Information Lifecycle Management
Erasure Coding (EC) and Information Lifecycle Management (ILM) aren’t unique to StorageGRID. They’re ubiquitous to the object storage landscape, underpinning concepts like RAID and compression. Yet if you’re unfamiliar with the architecture these concepts might be confusing at first glance. The hope with this post is to cover these concepts, not only in direct relation to StorageGRID, but in a way that can apply globally. A Quick Intro to Object Storage Objects are a data storage methodology going back several decades. The general idea is instead of creating and maintaining a hierarchical file system the file/chunk of data/block is packaged[…]
Read moreIntro to Autonomous Ransomware Detection and Mitigation in ONTAP 9.10.1 and Later
With the release of ONTAP 9.10.1 comes a new feature built into ONTAP, anti-ransomware detection. What it Does One of the concerns of a ransomware attack is the lack of visibility, which directly impacts response time. If ransomware kicks off overnight, or over the weekend it could be hour or days before anyone knows what happens. For archive environments it could be even longer with disastrous consequences. Anti-ransomware detection in ONTAP is built on file system analytics and uses “machine learning” to detect possible ransomware attacks on NAS. The first thing it’s looking for is whether the incoming data is[…]
Read moreNetApp ONTAP – Protecting Against Ransomware
First off, this post is thanks to my mate Charles. He wrote most of this up for his customers and I asked if I could snag it, throw my spin on it, and share it here. A lot of this comes from TR-4569, Security Hardening for ONTAP. That should be your go-to source for security on ONTAP. There’s also TR-4572, The NetApp Solution for Ransomware, which is sadly light on details and out of date. There’s also a pretty nifty video from Insight 2020 that covers a lot (I’ll even reference it later). This post is more ransomware concern forward.[…]
Read moreAmazon FSx for NetApp ONTAP – A Brief-ish Overview
Who is your daddy and what does he do? What is it? Amazon FSx is AWS’s managed services for filesystems. Basically if you want Windows File Server or Lustre out of the box – aka don’t want to manually setup and support those in your environment – you can use FSx to deploy an AWS managed environment. FSx NetApp ONTAP, FSx for ONTAP, FSx ONTAP, or FSxO (pick your preferred name out of a hat) is the same. It allows AWS users to provision NetApp’s ONTAP environment as a service managed directly by AWS. Dec 10 Update – The internal[…]
Read more
A quick introduction to NetApp’s StorageGRID
Before I go further it’s best to have an understanding of object storage. The analogy I hear quite a bit, and now tell myself, equates object storage to valet parking. Well, magical valet parking. Using traditional file storage is like using your average self park lot. You find a place to put your car, you put it there, and you’re responsible to remembering where you parked it and retrieving it for later. Object storage comparatively like valet parking. You drop your file off, get a ticket, and use that as a reference to for the valet to find the file[…]
Read moreNetApp ONTAP Cloud Licensing
If you’re looking to deploy an instance of NetApp’s ONTAP Cloud in AWS or Azure it’s important to understand the licensing models. Not only does it effect the size and performance of your instance, but it also effects your bottom line. Pay-As-You-Go Pay-as-you-go licenses are charged on an hourly basis along side the cost of running the instance/VM. The costs associated will appear on your bill from AWS/Azure. This license model is best suited for short term or smaller environments. You don’t have to associate your NetApp Support Site account but it’s highly recommended to get service support. License[…]
Read more