Judsonian.com

NetApp ONTAP – Setting up Multi-Admin Verification via CLI and System Manager

Okay, so maybe hiring that guy who looks like Snidely Whiplash was a poor choice. Starting with ONTAP 9.11.1 you can enable further secure ONTAP by setting up multi-admin verification, or MAV for short. MAV can prevent system administrators from taking certain data disruptive actions without getting approval from at least one other administrator. How it Works MAV works by creating a rule set of commands or GUI operations that require multiple users to approve before it can be executed. Alongside are administrator groups which can provide authentication for those actions. When an action is triggered that’s a part of[…]

Read more

NetApp ONTAP – Whitelist and Blacklist Extensions with FPolicy via CLI, API, and System Manager

Within NetApp’s ONTAP software there’s the ability to monitor NAS actions via functionality called FPolicy. It’s essentially a notification framework that’s built around the logging and notification of actions against SMB/CIFS and NFS shares. The real power of FPolicy comes to light when you partner it with an off-system engine like Varonis or Cloud Secure, opening the door to all kinds of smart security controls. Native on-system FPolicy functionality is comparatively limited. While the framework is active and feeds info back into the other areas like logging, it lacks the majority of feature rich components an off-system partner provides. One[…]

Read more

AWS and VMware Cloud go live with FSx NetApp ONTAP datastores – An introduction and guide

Recently, at VMworld Explore, VMware and AWS announced general availability of the much-anticipated integration of AWS’ FSx NetApp ONTAP NFS shares for use in their VMware Cloud virtualization stack. This article will cover the benefits and considerations so you can see whether it fits with your cloud journey. I tried to create a title for this post that wasn’t incredibly long, without using a metric ton of acronyms. Forewarning this post is going to be acronym heavy, even more so as usual, since we’re combining technical concepts across three acronym pushing tech companies. TL;DR VMware’s stack in AWS, VMC, now[…]

Read more

Intro to Autonomous Ransomware Detection and Mitigation in ONTAP 9.10.1 and Later

With the release of ONTAP 9.10.1 comes a new feature built into ONTAP, anti-ransomware detection. What it Does One of the concerns of a ransomware attack is the lack of visibility, which directly impacts response time. If ransomware kicks off overnight, or over the weekend it could be hour or days before anyone knows what happens. For archive environments it could be even longer with disastrous consequences. Anti-ransomware detection in ONTAP is built on file system analytics and uses “machine learning” to detect possible ransomware attacks on NAS. The first thing it’s looking for is whether the incoming data is[…]

Read more

NetApp ONTAP – Protecting Against Ransomware

First off, this post is thanks to my mate Charles. He wrote most of this up for his customers and I asked if I could snag it, throw my spin on it, and share it here. A lot of this comes from TR-4569, Security Hardening for ONTAP. That should be your go-to source for security on ONTAP. There’s also TR-4572, The NetApp Solution for Ransomware, which is sadly light on details and out of date. There’s also a pretty nifty video from Insight 2020 that covers a lot (I’ll even reference it later). This post is more ransomware concern forward.[…]

Read more

Amazon FSx for NetApp ONTAP – A Brief-ish Overview

Who is your daddy and what does he do? What is it? Amazon FSx is AWS’s managed services for filesystems. Basically if you want Windows File Server or Lustre out of the box – aka don’t want to manually setup and support those in your environment – you can use FSx to deploy an AWS managed environment. FSx NetApp ONTAP, FSx for ONTAP, FSx ONTAP, or FSxO (pick your preferred name out of a hat) is the same. It allows AWS users to provision NetApp’s ONTAP environment as a service managed directly by AWS. Dec 10 Update – The internal[…]

Read more

Compare and Contrast: NetApp Cloud Volumes ONTAP compared to Azure NetApp Files

It’s time for you to deploy in Azure. As part of your project you’ve got a bunch of NAS data you want to mange and present to various users and applications. You could stand up a virtual machine and install SMB services, but who wants to manage that? You could use Azure Files, but even Microsoft says Azure NetApp Files is the better solution. Then you got someone talking about Cloud Volumes ONTAP. Hopefully this quick article will give you the foundation to understanding the differences and decide which (or sometimes a mix) is best for your use case. For[…]

Read more

NetApp ONTAP Cloud Licensing

If you’re looking to deploy an instance of NetApp’s ONTAP Cloud in AWS or Azure it’s important to understand the licensing models. Not only does it effect the size and performance of your instance, but it also effects your bottom line.   Pay-As-You-Go Pay-as-you-go licenses are charged on an hourly basis along side the cost of running the instance/VM. The costs associated will appear on your bill from AWS/Azure. This license model is best suited for short term or smaller environments. You don’t have to associate your NetApp Support Site account but it’s highly recommended to get service support. License[…]

Read more