What you might have missed about NetApp from Aug-Nov 2019, including Insight in Las Vegas

Some competitors might say NetApp does not innovate anymore. Well, read this article and judge for yourself whether that is true, or just yet more shameless marketing.

E-Series

Performance

End-to-End NVMe with EF600 – more IOPS (2x the EF570) at lower latency:

NVMe in EF600

  • 100Gb NVMe/RoCE
  • 100Gb NVMe/InfiniBand
  • 32Gb NVMe/FC

E-Series Performance Analyzer

An automated installation and deployment of Grafana, NetApp E-Series Web Services, and supporting software for performance monitoring of NetApp E-Series storage systems. NetApp intends this project to let you quickly and simply deploy an instance of its performance analyzer for monitoring your E-Series storage systems, incorporating various open-source components and tools to do so. While it is primarily meant as a reference implementation for using Grafana to visualize the performance of your E-Series systems, it can also be customized and extended to fit your individual needs.

https://github.com/NetApp/eseries-perf-analyzer

New TR docs about EF & DB

MAX Data 1.5

  • Support for ONTAP 9.6 GA and later releases
  • Support for FAS and ONTAP Select systems running ONTAP 9.7, in addition to AFF storage systems
  • Resizing application memory allocation
  • Support for Red Hat Enterprise Linux 7.7
  • Support for local snapshots on server-only systems
  • Significant performance improvements, with more IOPS at lower latency: 5.4M 4KB read IOPS at 12.5 µs latency

Previously in 1.4

With version 1.4 you can use MAX Data without AFF: tiering now works between PMEM and SSDs installed in the server.

Some leaks suggest that HCI will support MAX Data at some point.

Considering the new H615C compute node with Cascade Lake CPUs (which, by the way, are required for Optane memory), it looks like NetApp is putting the pieces together to make it happen.

NetApp & Rubrik

NetApp & Rubrik announced a collaboration. First, StorageGRID can be a target for Rubrik archives. Second, Rubrik now supports the NetApp SnapDiff API. SnapDiff is an ONTAP technology that compares two snapshots and returns the list of changed files, so Rubrik can copy only those files. Rubrik is not the first to work with the SnapDiff API (Catalogic, Commvault, IBM (TSM) and Veritas (NetBackup) support it as well), but Rubrik is the first to back the data up to a public cloud. It will be available in Rubrik Cloud Data Management (CDM) v5.2 in 2020.
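Conceptually, a SnapDiff-style comparison just diffs two snapshot file listings and reports what changed. The toy model below illustrates that idea; the real SnapDiff API works inside ONTAP on WAFL metadata, and the function and file names here are invented for illustration only:

```python
# Toy model of a SnapDiff-style comparison: given file listings
# (path -> modification time) from two snapshots, report files that
# were added, changed, or deleted between them.

def snapdiff(older: dict, newer: dict) -> dict:
    added = sorted(set(newer) - set(older))
    deleted = sorted(set(older) - set(newer))
    changed = sorted(p for p in set(older) & set(newer) if older[p] != newer[p])
    return {"added": added, "changed": changed, "deleted": deleted}

snap1 = {"/docs/a.txt": 100, "/docs/b.txt": 100, "/docs/c.txt": 100}
snap2 = {"/docs/a.txt": 100, "/docs/b.txt": 250, "/docs/d.txt": 300}

diff = snapdiff(snap1, snap2)
# A backup product only needs to copy diff["added"] + diff["changed"],
# instead of walking the whole file system to find changes.
```

This is exactly why an incremental backup driven by such a diff is so much cheaper than a full scan: the storage already knows what changed between the two points in time.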

NetApp & Veeam

Veeam Availability Orchestrator v3 (VAO) provides a new level of NetApp integration for data protection:

  • FULL recovery orchestration for NetApp ONTAP Snapshots
  • Automated testing and reports that have become essential to your DR strategies
  • TR-4777: Veeam & StorageGRID

Active IQ 2.0

  • AI learning algorithms, based on the wisdom of the customer base, provide better insights into risks
  • APIs with Active IQ
  • Now you can not only monitor but also take action and fix risks with Active IQ (the fixes are applied through Unified Manager)
  • It also decreases “noise”: Active IQ tries to find the root of the problem and solve first the issues that eliminate the majority of your risks. Say you have 100 risks; it may turn out that a few fixes eliminate 70% of them
  • OneCollect available in a container, and now sends info to Active IQ
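The “noise reduction” idea above can be modeled as a greedy selection: always pick the fix that eliminates the most remaining risks. This is purely an illustration of the concept with made-up fix and risk names, not how Active IQ is actually implemented:

```python
# Greedy set-cover sketch of risk prioritization: order fixes so that
# the ones eliminating the most remaining risks come first.

def prioritize(fixes, risks):
    remaining, order = set(risks), []
    while remaining:
        best = max(fixes, key=lambda f: len(fixes[f] & remaining))
        if not fixes[best] & remaining:
            break  # no fix covers anything that's left
        order.append(best)
        remaining -= fixes[best]
    return order

fixes = {
    "upgrade ONTAP": {f"risk{i}" for i in range(1, 61)},  # clears 60 risks
    "replace cable": {"risk61", "risk62"},
    "adjust QoS":    {"risk63"},
}
all_risks = {f"risk{i}" for i in range(1, 64)}

plan = prioritize(fixes, all_risks)
# The first item in the plan alone resolves ~95% of the 63 risks.
```

With 100 risks and a handful of fixes, the same logic is what makes a “fix 70% with a few actions” recommendation possible.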

AFF & FAS

AFF A400, FAS8300, FAS8700. All of these systems are basically the same platform with different amounts of memory and CPU cores. The FAS systems also have an onboard FlashCache module for read caching. All three require ONTAP 9.7 RC1 and use the latest Intel Cascade Lake processors. That gives us hope we might see Optane as cache, as NetApp showed as part of its vision at Insight 2017:

  • Read more about new AFF400 system at Andre Schmitz’s blog
  • AFF with HW-assisted dedup & compression on a Pensando network card used for cluster interconnects
  • RoCE as data protocol available as Proof of Concept lab for testing, but not in 9.7
  • AFF A400 now supports the NS224 disk shelf alongside the A320

AFF & NVMe

ONTAP 9.6 is qualified with Red Hat, SUSE and Oracle Linux for FC-NVMe. Storage path failover (ANA) is supported with SUSE Linux 15, Oracle Linux 7.6 and 7.7, and (still) not with Red Hat Linux, due to slow qualification on Red Hat’s side.

ONTAP AI with containers

Execute AI workloads at scale with Trident and Kubernetes on the “ONTAP AI” converged-infrastructure solution with NVIDIA DGX servers, networking & NetApp AFF NAS storage.

ASA

ASA uses the same AFF hardware but provides only SAN protocols. ASA systems run ONTAP with the same architecture but offer symmetric active/active network access to block devices. Watch a short video about ASA on Twitter. The hardware is identical to standard AFF A700 and AFF A220 systems, and the software bundle includes the Flash/Premium bundle licenses minus the NAS-only features.

ONTAP

Lots of new stuff in ONTAP 9.7:

  • User Interface Improvements
  • Simplified UI allows faster creation of LUNs, NAS shares & DP
  • Hardware health
  • Network connectivity diagram
  • Performance history (previously only performance since the moment you opened the page)
  • FabricPool Mirrors: one aggregate connected to two buckets for added resiliency (previously only one bucket per aggregate)
  • CVO now supports Cloud Backup Service in AWS
  • Map NFS clients to specific volumes and IP addresses
  • XCP for rapid file delete
  • TCP Performance Enhancements in ONTAP 9.6
  • Watch a video about ONTAP 9.7 with Skip Shapiro

ONTAP Select

Networking best practices for ONTAP Select

ONTAP SDS embedded in non-x86 systems for edge devices

Read at Blocks & Files blog post.

FlexGroup

  • Fast in-place conversion FlexVol to FlexGroup
  • NFSv4, 4.1 & pNFS support with NFS security and locking
    • With pNFS, data I/O takes the local (direct) path in the cluster
  • NDMP with FlexGroups: entire FG, directory or Qtree
    • Dump & Restores between FGs or FG & FlexVols
  • FlexGroup is now supported as an origin volume for FlexCache
  • FlexClone support with FlexGroup
  • VAAI and copy-offload support; FlexGroups are still not recommended for VMs, but we can clearly see NetApp moving in that direction

SnapMirror Sync (SM-S)

  • SM-S now replicates application-created snapshots & FlexClones (scheduled snapshots are still not replicated)
  • NVMe/FC protocol and namespace support added

NDAS

  • StorageGRID as Object storage added for NDAS besides existing AWS S3
  • Since NDAS replicates data together with metadata (unlike FabricPool), you can access the data directly out of the bucket
  • NetApp is looking into the ability to connect the NetApp In-Place Analytics Module to an object storage bucket holding data backed up by NDAS from ONTAP NAS, so you can run analytics on your data and see how it evolved over time (i.e., across snapshots)

SnapCenter 4.2

  • Installation in a few clicks with a Linux virtual appliance
  • Simplified addition of new hosts & RBAC
  • Cluster management LIFs (previously you had to add each individual SVM management LIF)
  • Support for the vSphere HTML5 client
  • Automatic config check for servers & SC plugins
  • Oracle 18c
  • SnapCenter Plug-in for Microsoft Windows now support disk creation for Windows Server 2019
  • Video about SnapCenter with Steven Cortez

New with VMware & VVOLs:

  • Adaptive QoS with VVols is disabled & no longer recommended in VASA 9.6P1
  • Naming issues with VVOLs on NetApp fixed in 9.6 P1
  • Support for ESXi 6.7 U2
  • In ONTAP 9.7 in System Manager you can create RBAC user role for VSC
  • IOPS, latency & throughput in VSC 9.6 for VVols on SAN (statistics come directly from ONTAP)
  • REST API for the VASA+VSC+SRM appliance (install & config and for storage provisioning and management)
  • Wizard in VSC 9.6 creates VVOL endpoints

SRM support with VVols is coming at some point

Virtual Storage Console (VSC)

  • Availability of VVol reports
  • Simplified provisioning of data stores
  • Support for configuring throughput floors (QoS Min) in storage capability profiles
  • Support for REST APIs
  • Video with Karl Konnerth about VSC

Active IQ Unified Manager 9.7

  • The most important improvement: you can now act on risks with a simple “Fix it” button
  • New cluster security section in the dashboard
  • Integration with NetApp Service Level Manager, which is now free and included in ONTAP

FlexCache

  • Is now free
  • Supported with on-prem ONTAP systems & Cloud Volumes ONTAP
  • Thin provisioning and data compaction
  • Cache volume migration
  • ONTAP auditing of cache volume reads
  • Antivirus scanning of origin volumes
  • Any-to-Any Caching between all ONTAP platforms on-prem & in the cloud, including MCC

MCC

  • FabricPool aggregate support for MCC FC and IP
  • FlexCache support for MCC FC and IP

MetroCluster IP

Open networking: a 4-node MCC IP cluster can now use customer-provided switches. The switches must comply with NetApp requirements and be supported by the customer or the switch vendor.

Supported platforms:

  • AFF A800, A700, A320, A300, and even low-end system A220
  • FAS 9000, 8200, 2750

MCC-FC

Supported platforms:

  • AFF A700, A400, A300
  • FAS 9000, 8700, 8300, 8200

ONTAP Mediator instead of tie breaker

A new Mediator (replacing the tiebreaker) for MCC & ONTAP SDS. The Mediator is a passive appliance managed from ONTAP; all the switchover logic now lives in ONTAP, whereas previously it lived in the tiebreaker.

StorageGRID v11.3

Cloud Storage Pools, combined with StorageGRID’s industry-leading data placement policy engine (ILM policies), enable your business to automatically and intelligently move only the data that needs to move to one or more clouds. Cloud Storage Pools can be based on buckets, applications, or tenants, or applied at the individual object level (based on metadata keys and/or values).

https://blog.netapp.com/introducing-azure-blob-support-tier-to-more-clouds-with-storagegrid/
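The metadata-driven placement described above can be pictured as a small first-match rule engine. The rule keys and pool names below are invented for illustration, and real ILM policies are far richer than this sketch:

```python
# Sketch of metadata-driven object placement in the spirit of ILM
# policies: route each object to a storage pool based on its metadata.

def place(obj_meta, rules):
    for key, value, pool in rules:   # first matching rule wins
        if obj_meta.get(key) == value:
            return pool
    return "default-onprem-pool"     # fallback placement

rules = [
    ("x-tier", "cold", "aws-glacier-pool"),
    ("x-dept", "video", "azure-blob-pool"),
]

cold = place({"x-tier": "cold"}, rules)    # lands in the AWS pool
video = place({"x-dept": "video"}, rules)  # lands in the Azure pool
other = place({"x-dept": "hr"}, rules)     # stays on-prem
```

The point of evaluating rules against per-object metadata rather than per-bucket settings is exactly what lets two objects in the same bucket end up in different clouds.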

Keystone: Stuff as a Service

NetApp Launches On-Prem Data Center Storage as a Service:

  • Cloud-like pay-as-you-go Storage
  • Share risks with the Customer
  • Guarantees
  • Performance
  • Availability & Efficiency
  • With real balance-sheet benefits

Complete Digital Advisors as part of Support Edge:

  • AI powered Insights & Smart Health Checks
  • Personalized Support as part of Support Edge
  • Predictable Support Pricing

Lab on demand

New labs for NetApp partners: NKS on NetApp HCI, MAX Data, VSC 9.6 with vSphere 6.7, Active IQ Unified Manager 9.6

Lab on demand for Customers

Even if you are not a NetApp customer yet, you can test NetApp products:

  • Storage Tiering with FabricPool
  • Enterprise Application Protection in the Data Fabric with ONTAP
  • Understanding Trident
  • Others

https://www.netapp.com/us/try-and-buy/test-drive/index.aspx

There are more labs for current NetApp customers

Hands-on labs currently in beta testing:

  • Data Protection
  • Enterprise Database Backups
  • FabricPool
  • ONTAP NAS Technologies
  • ONTAP SAN Technologies
  • Trident plugin for containers & Kubernetes

https://mysupport-beta.netapp.com/ui/#/tools

NAbox

With Grafana you can visualize performance, space & other metrics collected from ONTAP & Unified Manager and stored in Graphite. Download v2.5.1 (2019-09-08).

Harvest 1.6:

NetApp Harvest collects data from ONTAP & Unified Manager and sends it over to Graphite. Harvest is part of NAbox.

  • Harvest Extension Manager
    • Extension for NFS connections
    • Extension for SnapMirror replications
    • Extension templates for Perl, Python, Bash
  • FlexGroup capacity metrics
  • AutoSupport logging with Harvest statistics
  • Non-critical bug fixed in plugin cdot-iscsi-lif
  • Harvest 1.6

SaaS Backup

SaaS backup for Salesforce

Now available in Salesforce marketplace

Cloud Volumes

  • Azure NetApp Files certified for AzureGov region and FedRAMP
  • SAP HANA now certified on ANF
  • Kerberos and ACL for Azure NetApp Files (ANF) and Cloud Volumes Service (CVS) with NFS v4.1
  • Cloud Manager supports NKS & Cloud Compliance
  • Cloud Manager to Deploy Trident and Cloud Volumes ONTAP

Cloud Volumes On-Premises

  • Cloud Volumes Service On-Premises
  • Cloud Volumes ONTAP on HCI

Cloud Compliance

Cloud Compliance is a file classification tool for industry compliance and privacy regulations across clouds. The license is free; you pay only for the VM running at your cloud provider.

  • File classification & privacy risk tool for Cloud Volumes
  • License is free, you pay to your Cloud Provider for running additional VM
  • PCI, HIPAA, GDPR, CCPA, etc
  • Credit cards, IBAN, emails, SSN, TIN, EIN, etc

Cloud Insights

It is a monitoring tool for cloud & on-prem infrastructure, containers & different vendors, and the basic edition is free for all NetApp customers. Cloud Insights is available as a SaaS service; no installation or configuration is needed. So here is what’s new:

  • REST APIs
  • Kubernetes Technology
  • Cloud Secure now is part of Cloud Insights

Cloud Secure

Using self-learning AI, Cloud Secure establishes a baseline of file access, then actively blocks and reports unusual activity with your files, protecting against insider threats and external breaches. Cloud Secure monitors, secures, and optimizes across the hybrid multi-cloud.

  • It is a feature of Cloud Insights Premium edition
  • Monitors file activities on CVO & on-prem ONTAP for unusual behavior

NetApp Kubernetes Services (NKS)

At the start, NKS was available in public clouds; then NetApp added NKS to on-prem NetApp HCI. And at VMworld 2019 in Las Vegas, before Insight 2019, NetApp announced NKS on VMware (no NetApp HCI platform needed).

New Solutions

  • Healthcare and automotive AI solutions validated with ONTAP AI
  • Design and recipe using NKS for rapid deployment of CI/CD pipeline use cases in both public and private clouds
  • End-to-end DevOps CI/CD on NetApp HCI
  • FlexPod validated as a deployment target for NetApp Kubernetes Service
  • SAP HANA validated on FlexPod including Optane memory and SnapCenter data protection
  • Citrix XenDesktop 7 designs for knowledge workers and GPU assisted VDI for power users
  • Entry-level FlexPod with NetApp C190 and Cisco UCS C220, bringing enterprise robustness to medium-sized businesses
  • FlexPod with FabricPool
  • FlexPod ransomware prevention and mitigation
    • Pre-emptive hardening
    • Recovery and remediation
  • Data Protection and Security Assessment
    • Identify and mitigate risks from security gaps, ransomware
    • Leverages OCI, Cloud Secure/Cloud Insights
  • And many more

HCI

New in NetApp HCI:

  • Compute node H615C with Intel Cascade Lake CPU
  • NVIDIA Tesla graphic cards
  • SSD with FIPS 140-2 compliance & external key management
  • Cloud Volumes ONTAP on HCI
  • NetApp HCI + NKS: DevOps End-to-End Pipeline with Trident
  • Now you can manage your Kubernetes clusters & containers in the cloud & on-prem through the single pane of glass of the NKS service; each environment is now just yet another “zone” for you:
    • NetApp HCI
    • On VMware
    • Azure, AWS, Google Cloud
  • Short video about NetApp HCI

Two performance tests for HCI:

  1. IOmark-VM-HC: 5 storage & 18 compute nodes using data stores & VVols
  2. IOmark-VDI-HC: 5 storage nodes & 12 compute nodes with only data stores

Total 1,440 VMs with 3,200 VDI desktops.

Notice how asymmetrical the number of storage nodes is compared to compute nodes. In “real” HCI architectures you would have to buy more equipment, while with NetApp HCI you can choose how much storage and how much compute you need and scale them separately. Dedup & compression were enabled in the tests.

Containers

Kubernetes Volume Snapshots & FlexClones with Trident for Cloud & On-Prem.

In August, NetApp took its Managed Kubernetes Service to the next level with a new partnership with VMware, allowing users to manage workloads and infrastructure across public and private environments in a single pane of glass.

NetApp Trident

Ansible

How to measure storage performance

A hardcore 4-hour deep dive from SNIA (Storage Networking Industry Association)!

Technical Support

  • Flat and predictable support pricing
  • OneCollect available in a container and now sends info to Active IQ
  • You can buy managed services so that firmware upgrades on your storage will be managed for you

How to collect logs before opening a support ticket

Gartner Magic Quadrant for Primary Array

NetApp is in the top-right corner.

Will NetApp adopt QLC flash in 2020?

https://blocksandfiles.com/2019/10/30/netapp-will-adopt-qlc-flash-in-2020/

Am I missing something?

Please let me know in the comments below!

If you spotted an error, please let me know personally 😉

Disclaimer

Opinions & observations are my own, and not official NetApp information. This post contains future looking statements and may contain errors. If you have spotted an error, please let me know.

What is NetApp ASA?

ASA stands for All SAN Array. ASA is based on low-end & high-end AFF systems running ONTAP.

ONTAP architecture in ASA systems remains the same, with no changes. The only change is in the access to the storage over SAN protocols.

In (non-ASA) unified ONTAP systems, SAN protocols like FC and iSCSI use ALUA, which stands for Asymmetric Logical Unit Access; this type of connection is called active/active but has “active optimized” and “active non-optimized” paths. NVMe ANA works similarly to how ALUA works for SCSI-based protocols. With both ANA and ALUA, if one storage controller fails, the host waits for a timeout before switching to the active non-optimized path. Which works perfectly fine. See more in the “Share-nothing architecture” and “Network access” sections of the series of articles “How ONTAP Cluster works”.

But some customers were:

  1. Used to the idea of symmetric active/active connectivity
  2. Looking for a product that would send fewer notifications to the host in the event of a path loss

NetApp listened to its customers, evaluated both requests, and delivered ASA products that provide the solution they had been looking for.

Video with Skip Shapiro about ASA:

Zoning for cluster storage in pictures

NetApp AFF & FAS storage systems can be combined into a cluster of up to 12 nodes (6 HA pairs) for SAN protocols. Let’s take a look at zoning and connections using an example with 4 nodes (2 HA pairs) in the image below.

For simplicity, we will discuss the connection of a single host to the storage cluster. In this example the host is connected to every node, and each storage node is connected with double links for reliability.

It is easy to notice that only two paths are going to be preferred in this example (solid yellow arrows).

Since NetApp FAS/AFF systems implement a “share-nothing” architecture, disk drives are assigned to a node; disks on a node are grouped into a RAID group; one or a few RAID groups are combined into a plex; and usually one plex forms an aggregate (in some cases two plexes form an aggregate, in which case both plexes must have identical RAID configurations, an analogy to RAID 1). On aggregates you create FlexVol volumes. Each FlexVol volume is a separate WAFL file system and can serve NAS files (SMB/NFS), SAN LUNs (iSCSI, FC, FCoE), or namespaces (NVMe-oF). A FlexVol can have multiple qtrees, and each qtree can store LUNs or files. Read more in the series of articles How ONTAP Memory works.

Each drive belongs to & is served by a node. A RAID group belongs to & is served by a node. All objects on top of those belong to and are served by a single node, including aggregates, FlexVols, qtrees, LUNs & namespaces.

At any given time a disk can belong to only a single node, and in case of a node failure the HA partner takes over the disks, aggregates, and all the objects on top of them. Note that a “disk” in ONTAP can be an entire physical disk as well as a partition on a disk. Read more about disks and ADP (disk partitioning) here.
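The ownership model above (every object, from disk to FlexVol, is served by exactly one node, and an HA takeover simply changes the owner) can be sketched as a toy data model. Class and node names here are invented for illustration; this is not real ONTAP code:

```python
# Toy model of ONTAP's share-nothing ownership: aggregates (and the
# FlexVols on top of them) are owned by one node, and an HA takeover
# re-assigns ownership to the partner.
from dataclasses import dataclass, field

@dataclass
class Aggregate:
    name: str
    owner: str                      # the node currently serving this aggregate
    flexvols: list = field(default_factory=list)

@dataclass
class Node:
    name: str
    ha_partner: str
    aggregates: list = field(default_factory=list)

def takeover(failed: Node, partner: Node) -> None:
    """HA partner takes over all aggregates and everything on top of them."""
    for aggr in failed.aggregates:
        aggr.owner = partner.name
    partner.aggregates.extend(failed.aggregates)
    failed.aggregates.clear()

node1 = Node("node1", ha_partner="node2")
node2 = Node("node2", ha_partner="node1")
aggr = Aggregate("aggr1", owner="node1", flexvols=["vol_db", "vol_nas"])
node1.aggregates.append(aggr)

takeover(node1, node2)  # node1 fails; node2 now serves aggr1 and its volumes
```

Note that the FlexVols move implicitly with the aggregate; nothing at the volume level has to be copied, which is why takeover is fast.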

Though a LUN or namespace belongs to a single node, it is possible to access it through the HA partner or even through other nodes. The optimal path is always through the node that owns the LUN or namespace; if that node has more than one port, all ports on that node are considered optimal paths. Normally it is a good idea to have more than one optimal path to a LUN.

ALUA & ANA

ALUA (Asymmetric Logical Unit Access) is a protocol that helps hosts access LUNs through optimal paths; it also allows paths to a LUN to change automatically if the LUN moves to another controller. ALUA is used with both FCP and iSCSI. Similarly, ANA (Asymmetric Namespace Access) is the equivalent protocol for NVMe over Fabrics transports such as FC-NVMe.

A host can use one or a few paths to a LUN, depending on the host multipathing configuration and the portset configuration on the ONTAP cluster.

Since a LUN belongs to a single storage node and ONTAP provides online migration between nodes, your network configuration must provide access to the LUN from all the nodes, just in case. Read more in the series of articles How ONTAP Cluster works.
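The ALUA behavior described above amounts to a simple selection rule on the host side: prefer active/optimized paths, and fall back to active/non-optimized paths only when no optimized path is left. A minimal sketch of that logic, with made-up port names:

```python
# Sketch of how a host multipathing layer picks ALUA paths: use
# active/optimized paths when available, otherwise fall back to
# active/non-optimized paths (e.g. via the HA partner).

def usable_paths(paths):
    optimized = [p for p in paths if p["state"] == "active/optimized"]
    return optimized or [p for p in paths if p["state"] == "active/non-optimized"]

normal = [
    {"port": "node1:0a", "state": "active/optimized"},      # LUN owner
    {"port": "node2:0a", "state": "active/non-optimized"},  # HA partner
]
after_failure = [
    {"port": "node1:0a", "state": "down"},                  # owner failed
    {"port": "node2:0a", "state": "active/non-optimized"},
]

chosen_normal = [p["port"] for p in usable_paths(normal)]        # ["node1:0a"]
chosen_failed = [p["port"] for p in usable_paths(after_failure)] # ["node2:0a"]
```

The timeout the text mentions happens between these two states: the host only switches to the non-optimized path after it decides the optimized one is really gone.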

According to NetApp best practices, zoning is quite simple:

  • Create one zone for each initiator (host) port on each fabric
  • Each zone must have one initiator port and all the target (storage node) ports.

Keeping one initiator per zone eliminates “cross-talk” between initiators.
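The single-initiator zoning rule can be generated mechanically: one zone per host initiator port per fabric, each containing that initiator plus all target LIFs on that fabric. A sketch with placeholder WWPN-like names:

```python
# Generate single-initiator zones: each zone holds one host initiator
# port plus all the target LIFs on the same fabric.

def build_zones(hosts, target_lifs):
    zones = {}
    for host, initiators in hosts.items():
        for idx, initiator in enumerate(initiators):
            zone_name = f"{host}_port{idx}"
            zones[zone_name] = [initiator] + target_lifs
    return zones

# One host with one port on this fabric; one LIF per cluster node.
hosts = {"Host_1": ["hostwwpn-A"]}
lifs = ["LIF1-A", "LIF2-A", "LIF3-A", "LIF4-A"]

zones = build_zones(hosts, lifs)
```

Adding a second host simply adds another zone; the target side of every zone stays identical, which is what makes this scheme easy to audit.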

Example for Fabric A, Zone for “Host_1-A-Port_A”:

Node        | Port   | WWPN
Host 1      | Port A | Port A
ONTAP Node1 | Port A | LIF1-A (NAA-2)
ONTAP Node2 | Port A | LIF2-A (NAA-2)
ONTAP Node3 | Port A | LIF3-A (NAA-2)
ONTAP Node4 | Port A | LIF4-A (NAA-2)

Example for Fabric B, Zone for “Host_1-B-Port_B”:

Node        | Port   | WWPN
Host 1      | Port B | Port B
ONTAP Node1 | Port B | LIF1-B (NAA-2)
ONTAP Node2 | Port B | LIF2-B (NAA-2)
ONTAP Node3 | Port B | LIF3-B (NAA-2)
ONTAP Node4 | Port B | LIF4-B (NAA-2)

Here is how the zoning from the tables above looks:

Vserver or SVM

An SVM in an ONTAP cluster lives on all the nodes of the cluster. SVMs are separated from one another and are used to create a multi-tenant environment. Each SVM can be managed by a separate group of people or a separate company, and one will not interfere with another; in fact, they will not know about each other’s existence at all, since each SVM behaves like a separate physical storage system. Read more about SVMs, multi-tenancy and non-disruptive operations here.

Logical Interface (LIF)

Each SVM has its own WWNN for FCP, its own IQN for iSCSI, or its own namespace for NVMe-oF. SVMs can share a physical storage node port: each SVM assigns its own range of network addresses (WWPN, IP, or namespace ID) to the physical port, normally one address per port. Therefore a single physical storage node port may carry several WWPN network addresses, each assigned to a different SVM, if several SVMs exist. NPIV is a crucial functionality that must be enabled on the FC switch for an ONTAP cluster with the FC protocol to function properly.

Unlike ordinary virtual machines (e.g., on ESXi or KVM), each SVM “exists” on all the nodes of the cluster, not just on a single node; the picture below shows two SVMs on a single node just for simplicity.

Make sure that each node has at least one LIF; in that case host multipathing will be able to find an optimal path and always access a LUN through the optimal route, even if the LUN migrates to another node. Each port has its own assigned “physical address”, which you cannot change, plus network addresses. Here is an example of what network & physical addresses look like with the iSCSI protocol. Read more about SAN LIFs here and about SAN protocols like FC, iSCSI and NVMe-oF here.

Zoning recommendations

For ONTAP 9, 8 & 7 NetApp recommends having a single initiator and multiple targets.

For example, with FCP, each physical port has its own physical WWPN (WWPN 3 in the image above), which should not be used at all; instead, the WWPN addresses assigned to LIFs (WWPN 1 & 2 in the image above) must be used for zoning and host connections. Physical addresses look like 50:0A:09:8X:XX:XX:XX:XX; this type of address is numbered according to NAA-3 (IEEE Network Address Authority 3) and is assigned to a physical port. Example: 50:0A:09:82:86:57:D5:58. You may see NAA-3 addresses listed on network switches, but they should not be used.

When you create zones on a fabric, you should use addresses like 2X:XX:00:A0:98:XX:XX:XX; this type of address is numbered according to NAA-2 (IEEE Network Address Authority 2) and is assigned to your LIFs. Thanks to NPIV technology, a physical N_Port can register additional WWPNs, which means NPIV must be enabled on your switch for ONTAP to serve data over the FC protocol to your servers. Example: 20:00:00:A0:98:03:A4:6E

  • Block 00:A0:98 is the original OUI block for ONTAP
  • Block D0:39:EA is the newly added OUI block for ONTAP
  • Block 00:A0:B8 is used on NetApp E-Series hardware
  • Block 00:80:E5 is reserved for future use.
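Following the convention above (LIF WWPNs begin with 2, physical-port WWPNs begin with 5), a zoning script could sanity-check an address before using it. A sketch using the ONTAP OUI blocks listed above; the function name is made up for illustration:

```python
# Sanity check for zoning: accept only NAA-2 style WWPNs (first hex
# digit 2) carrying a known ONTAP OUI, and reject physical-port
# NAA-3 style addresses (first hex digit 5).

ONTAP_OUIS = {"00:A0:98", "D0:39:EA"}   # ONTAP OUI blocks listed above

def is_zoneable_ontap_lif(wwpn):
    octets = wwpn.upper().split(":")
    if len(octets) != 8:
        return False
    naa = octets[0][0]                   # first hex digit encodes the NAA type
    oui = ":".join(octets[2:5])          # OUI sits in octets 3-5 for this format
    return naa == "2" and oui in ONTAP_OUIS

lif_ok = is_zoneable_ontap_lif("20:00:00:A0:98:03:A4:6E")   # LIF address
phys_ok = is_zoneable_ontap_lif("50:0A:09:82:86:57:D5:58")  # physical port
```

Running this over a switch's name-server database is a quick way to catch zones accidentally built on physical-port WWPNs.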

Read more

Disclaimer

Please note that in this article I described my own understanding of the internal organization of ONTAP systems. This information might therefore be outdated, or I simply might be wrong in some aspects and details. I will greatly appreciate any contribution that makes this article better; please leave your ideas and suggestions on this topic in the comments below.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only.

Why use NetApp snapshots even when you do not have Premium bundle software?

If you are extremely lazy and do not want to read any further, the answer is: use snapshots to improve RPO, use ndmpcopy to restore files and LUNs, and use SnapCreator for app-consistent snapshots.

The Premium bundle includes a good deal of software on top of the Base software in each ONTAP system, such as:

  • SnapCenter
  • SnapRestore
  • FlexClone
  • And others.

So, without the Premium bundle, with only the Basic software, we have two issues:

  • You can create snapshots, but without SnapRestore or FlexClone you cannot restore from them quickly
  • And without SnapCenter you cannot make application-consistent snapshots.

And some people ask, “Should I use NetApp snapshots at all in such circumstances?”

And my answer is: yes, you can, and you should use ONTAP snapshots.

Here is the explanation of why and how:

Snapshots without SnapRestore

Why use NetApp storage hardware snapshots? Because they have no performance penalty, and there is no such thing as snapshot consolidation (which causes a performance impact on some other platforms). NetApp snapshots work well and have other advantages too. Even though restoring data captured in snapshots is not as fast as with SnapRestore or FlexClone, you can create snapshots very quickly, and most of the time you need to restore something very seldom. Fast snapshot creation with slow restoration still gives you a better RPO compared to a full backup. Of course, I have to admit this improves RPO only for cases of logical data corruption; if your storage is physically damaged, snapshots will not help. With ONTAP you can have up to 1023 snapshots per volume, and you can create them as often as you need with no performance degradation whatsoever, which is pretty awesome.

Snapshots with NAS 

If we are speaking about a NAS environment without a SnapRestore license, you can always go to the .snapshot folder and copy back any previous version of a file you need to restore. You can also use the ndmpcopy command to restore a file, a folder, or even an entire volume inside the storage without involving a host.

Snapshots with SAN 

If we are speaking about a SAN environment without a SnapRestore license, you cannot simply copy a file from your LUN and restore it. There are two stages when you need to restore something on a LUN:

  1. You copy the entire LUN from a snapshot
  2. And then you can either:
    • Restore the entire LUN in place of the last active version of your LUN
    • Or copy data from the LUN copy to the active LUN.

To do that, you can use either the ndmpcopy or lun copy command for the first stage. And if you want to restore only some files from an old version of the LUN captured in a snapshot, you need to map that LUN copy to a host and copy the required data back to the active LUN.

Application consistent storage snapshots 

Why do you need application consistency in the first place? Sometimes, in an environment like a NAS file share with documents, you do not need it at all. But if you are running applications like Oracle DB, MS SQL, or VMware, you had better have application consistency. Imagine pulling the hard drive out of a running Windows machine. Let’s forget for a moment that Windows will stop working; that is not the point here. Let’s focus on the data protection side. The same thing happens when you create a storage snapshot without preparation: the data captured in the snapshot is similarly incomplete. Will the pulled-out hard drive be a proper copy of your data? Sort of. Some data will be lost from host memory, so the file system will probably not be consistent; and even though a journaled file system can usually be recovered, your application data may be damaged in a way that is hard to repair, because the applications and the OS running on the machine never had a chance to destage their data from memory to the drive. Snapshots taken this way will likewise contain a probably damaged file system; if you restore from such a copy, Windows might not start, or it might start after a file-system check, but your applications, especially databases, will definitely not like such a backup. So you need someone to prepare your OS & applications before creating the snapshot. As you may know, application-consistent storage hardware snapshots can be created by backup software like Veeam, Commvault, and many others, or you can even trigger storage snapshot creation yourself with a relatively simple Ansible or PowerShell script.
You can also create application-consistent snapshots with the free NetApp SnapCreator software framework. Unlike SnapCenter, it does not have simple, straightforward GUI wizards to walk you through integrating with your application; most of the time you have to write a simple script for your application to benefit from online, application-consistent snapshots. Another downside is that SnapCreator is not officially supported software. But at the end of the day, it is a relatively easy setup, and it will definitely pay off once you finish setting it up.
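Whatever tool you use (SnapCreator, third-party backup software, or your own Ansible/PowerShell script), the sequence boils down to quiesce, snapshot, resume. A minimal Python sketch with stubbed hooks; in a real script create_snapshot() would call the ONTAP API or CLI, and the quiesce hooks would talk to your application:

```python
# Sketch of application-consistent snapshot orchestration. All three
# hooks are stubs that record what happened, so the flow is visible.

log = []

def quiesce_app():
    # e.g. put the database into backup mode / flush buffers to disk
    log.append("quiesce")

def create_snapshot(volume, name):
    # stand-in for the actual ONTAP snapshot call
    log.append(f"snapshot {volume} {name}")

def unquiesce_app():
    # resume normal application operation
    log.append("unquiesce")

def app_consistent_snapshot(volume, name):
    quiesce_app()
    try:
        create_snapshot(volume, name)   # app stays frozen as briefly as possible
    finally:
        unquiesce_app()                 # always resume, even if the snapshot fails

app_consistent_snapshot("vol_db", "nightly.2019-11-30")
```

The try/finally is the part people forget in hand-rolled scripts: if the snapshot call errors out, the application must still be unquiesced, or it stays frozen.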

List of other software features available in Basic software

This Basic ONTAP functionality might also be useful:

  • Horizontal scaling and non-disruptive operations such as online volume & LUN migration, plus non-disruptive upgrades by adding new nodes to the cluster
  • API automation
  • FPolicy file screening
  • Create snapshots to improve RPO
  • Storage efficiencies: Deduplication, Compression, Compaction
  • By default, ONTAP deduplicates data across the active file system and all the snapshots on the volume. Savings from snapshot data sharing scale with the number of snapshots: the more snapshots you have, the more savings you get
  • Storage Multi-Tenancy
  • QoS Maximum
  • External key manager for Encryption
  • Host-based MAX Data software which works with ONTAP & SAN protocols
  • You can buy FlexArray license to virtualize 3rd party storage systems
  • If you have an all-flash system, you can purchase an additional FabricPool license, which is especially useful with snapshots because it destages cold data to cheap storage like AWS S3, Google Cloud, Azure Blob, IBM Cloud, Alibaba Cloud, or an on-premises StorageGRID system, etc.

Summary

Even the Basic software gives you rich functionality on your ONTAP system, so you definitely should use NetApp snapshots and set up application integration to make your snapshots application-consistent. With NetApp hardware storage snapshots you can have up to 1023 snapshots per volume and create them as often as you need without sacrificing storage performance, so snapshots will improve your RPO. Application consistency with SnapCreator or any other 3rd-party backup software will give you confidence that your snapshots can be restored when needed.

ONTAP & Antivirus NAS protection

NetApp ONTAP supports antivirus integration, known as off-box antivirus scanning or VSCAN. With VSCAN, the storage system scans each new file with an antivirus system, which increases corporate data security.

ONTAP supports the following antivirus software:

  • Symantec
  • Trend Micro
  • Computer Associates
  • Kaspersky
  • McAfee
  • Sophos

Also, ONTAP supports FPolicy technology, which can prevent a file from being written or read based on its file extension or content header.
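As a rough sketch, native FPolicy screening (no external FPolicy server required) can block files by extension along these lines; the event, policy, and extension names are examples, and exact options vary between ONTAP versions, so check the FPolicy documentation before using this:

NCluster::> vserver fpolicy policy event create -vserver SVM01 -event-name evt_block -protocol cifs -file-operations create,write,rename
NCluster::> vserver fpolicy policy create -vserver SVM01 -policy-name block_media -events evt_block -engine native
NCluster::> vserver fpolicy policy scope create -vserver SVM01 -policy-name block_media -shares-to-include "*" -file-extensions-to-include mp3,avi
NCluster::> vserver fpolicy enable -vserver SVM01 -policy-name block_media -sequence-number 1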

This time I’d like to walk through an example of CIFS (SMB) integration with the McAfee antivirus system.

AV-1

In this example, I am going to show how to set up the integration with McAfee. Here are the minimum requirements for McAfee; they are approximately the same for other AVs:

  • MS Windows Server 2008 or higher
  • NetApp storage with ONTAP 8 or higher
  • SMB v2 or higher (CIFS v1.0 not supported)
  • NetApp ONTAP AV Connector (Download page)
  • McAfee VirusScan Enterprise for Storage (VSEfS)
  • For more details see NetApp Support Matrix Tool.
AV-2

Diagram of antivirus integration with an ONTAP system.

Preparation

To set up such an integration, we will need to configure the following software components:

AV-3

VSEfS

We need to set up McAfee VSEfS, which can work in two modes: as an independent product or managed by McAfee ePolicy Orchestrator (McAfee ePO). In this article, I will discuss how to configure it as an independent product. To set up & configure VSEfS, we will need the following already installed and configured:

  • McAfee VirusScan Enterprise (VSE). Download VSE
  • McAfee ePolicy Orchestrator (ePO); not needed if VirusScan is used as an independent product.

SCAN Server

First, we need to configure a few SCAN servers to balance the workload between them. I will install each SCAN server on a separate Windows Server with McAfee VSE, McAfee VSEfS, and the ONTAP AV Connector. In this article, we will create three SCAN servers: SCAN1, SCAN2, SCAN3.

Active Directory

In the next step, we need to create the user scanuser in our domain; in this example, the domain is NetApp.

ONTAP

After ONTAP has started, we need to create a cluster management LIF and an SVM management LIF, set up AD integration, and configure file shares and data LIFs for the SMB protocol. Here, we will have the NCluster-mgmt LIF for cluster management and SVM01-mgmt for SVM management.

NCluster::> network interface create -vserver NCluster -home-node NCluster-01 -home-port e0M -role data -protocols none -lif NCluster-mgmt -address 10.0.0.100 -netmask 255.0.0.0
NCluster::> network interface create -vserver SVM01 -home-node NCluster-01 -home-port e0M -role data -protocols none -lif SVM01-mgmt -address 10.0.0.105 -netmask 255.0.0.0
NCluster::> domain-tunnel create -vserver SVM01
NCluster::> security login create -username NetApp\scanuser -application ontapi -authmethod domain -role readonly -vserver NCluster
NCluster::> security login create -username NetApp\scanuser -application ontapi -authmethod domain -role readonly -vserver SVM01

ONTAP AV Connector

On each SCAN server, we will install the ONTAP AV Connector. At the end of the installation, I will add the AD login & password for the user scanuser.

AV-4

Then configure the management LIFs:

Start → All Programs → NetApp → ONTAP AV Connector → Configure ONTAP Management LIFs

In the “Management LIF” field, enter the DNS name or IP address of NCluster-mgmt or SVM01-mgmt. Fill the Account field with NetApp\scanuser. Then press “Test,” and “Update” or “Save” once the test has finished.

AV-5

McAfee Network Appliance Filer AV Scanner Administrator Account

Assuming you have already installed McAfee on the three SCAN servers: on each SCAN server, log in as an administrator, open the VirusScan Console from the Windows taskbar, then open Network Appliance Filer AV Scanner and choose the “Network Appliance Filers” tab. In the field “This Server is processing scan requests for these filers,” press the “Add” button, enter “127.0.0.1” in the address field, and then add the scanuser credentials.

AV-6

Returning to ONTAP console

Now we configure off-box scanning, enable it, and create and apply scan policies. SCAN1, SCAN2, and SCAN3 are the Windows servers with McAfee VSE, VSEfS, and the ONTAP AV Connector installed.
First, we create a pool of AV servers:

NCluster::> vserver vscan scanner-pool create -vserver SVM01 -scanner-pool POOL1 -servers SCAN1,SCAN2,SCAN3 -privileged-users NetApp\scanuser 
NCluster::> vserver vscan scanner-pool show
Vserver  Scanner Pool  Pool Owner  Scanner Servers      Privileged Users  Scanner Policy
-------  ------------  ----------  -------------------  ----------------  --------------
SVM01    POOL1         vserver     SCAN1, SCAN2, SCAN3  NetApp\scanuser   idle

NCluster::> vserver vscan scanner-pool show -instance
                             Vserver: SVM01
                        Scanner Pool: POOL1
                      Applied Policy: idle
                      Current Status: off
           Scanner Pool Config Owner: vserver
List of IPs of Allowed Vscan Servers: SCAN1, SCAN2, SCAN3
            List of Privileged Users: NetApp\scanuser

Second, we apply a scanner policy:

NCluster::> vserver vscan scanner-pool apply-policy -vserver SVM01 -scanner-pool POOL1 -scanner-policy primary
NCluster::> vserver vscan enable -vserver SVM01
NCluster::> vserver vscan connection-status show
                     Connected     Connected
Vserver  Node        Server-Count  Servers
-------  ----------  ------------  -------------------
SVM01    NClusterN1  3             SCAN1, SCAN2, SCAN3

NCluster::> vserver vscan on-access-policy show
          Policy        Policy   Policy    Paths     File-Ext  Policy
Vserver   Name          Owner    Protocol  Excluded  Excluded  Status
--------  ------------  -------  --------  --------  --------  ------
NCluster  default_CIFS  cluster  CIFS      -         -         off
SVM01     default_CIFS  cluster  CIFS      -         -         on
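The default_CIFS policy in the output above scans every file; if needed, you can create and enable a custom on-access policy instead, for example to exclude extensions that are not worth scanning. The policy name and extension list below are only examples; verify the options against the vscan documentation for your ONTAP version:

NCluster::> vserver vscan on-access-policy create -vserver SVM01 -policy-name pol_custom -protocol CIFS -filters scan-mandatory -file-ext-to-exclude mp3,wav
NCluster::> vserver vscan on-access-policy enable -vserver SVM01 -policy-name pol_custom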

Licensing

No additional licensing is needed on the ONTAP side to enable and use FPolicy & off-box antivirus scanning; this is basic functionality available in any ONTAP system. However, you might need to license additional functionality on the antivirus side, so please check with your antivirus vendor.

Summary

Here are some advantages of integrating a storage system with your corporate AV. NAS integration with antivirus allows you to run one antivirus system on your desktops and another for your NAS shares, so there is no need to scan NAS data on workstations and waste their limited resources. All NAS data is protected: even a user with advanced privileges cannot connect to the file share without antivirus protection and put unscanned files there.

NetApp in containerization era

This is not really a technical article as I usually write, but rather a short list of topics for one direction NetApp has been developing a lot recently: containers. Containerization is getting more and more popular nowadays, and I have noticed NetApp heavily investing effort in it, so I identified a few main directions in that field. Let’s name a few NetApp products using containerization technology:

  1. E-Series with running containers on top of the platform
  2. Containerization of existing NetApp software:
    • ActiveIQ PAS
  3. Trident plugin for ONTAP, SF & E-Series (NAS & SAN):
    • NetApp Trident plug-in for Jenkins
    • CI & HCI:
      • ONTAP AI: NVIDIA, AFF systems, Docker containers & Trident with NFS
      • FlexPod DataCenter & FlexPod SF with Docker EE
      • FlexPod DataCenter with IBM Cloud Private (ICP) with Kubernetes orchestration
      • FlexPod with NetApp Kubernetes Services
      • NetApp HCI with RedHat OpenShift Container Platform
      • NetApp integration with Robin Systems Container Orchestration
    • Oracle, PostgreSQL & MongoDB in containers with Trident
    • Integration with Moby Project
    • Integration with Mesosphere Project
  4. Cloud-native services & Software:
    • Cloud Insights
      • Monitor Kubernetes environments
      • NKS visibility in Cloud Insights
    • SaaS Backup for Service Providers
  5. Other

Documents, Howtos, Architectures, News & Best Practices:

Is this a full list of NetApp’s efforts towards containerization?

I bet it is far from complete. Post your thoughts and links to documents, news, howtos, architectures, and best-practice guides in the comments below to expand this list if I missed something!

New NetApp platform for ONTAP 9.6 (Part 3) AFF C190

NetApp introduced the C190 for small businesses, following the new A320 platform with ONTAP 9.6.

C190

This new All-Flash system has:

  • Fixed format, with no ability to connect additional disk shelves:
    • Only 960 GB SSD drives, installed only in the controller chassis
    • Only 4 configs: with 8, 12, 18 or 24 drives
      • Effective capacity respectively: 13, 24, 40 or 55 TB
    • Supports ONTAP 9.6 GA and higher
    • The C190 is built on the same chassis as the A220, so per HA pair you’ll get:
      • 4x 10Gbps SFP cluster ports
      • 8x UTA ports (10 Gbps or FC 16Gbps)
      • There is a model with 10GBASE-T ports instead of the UTA & cluster interconnect ports (12 ports total). Obviously, BASE-T ports do not support the FCP protocol
  • There will be no more “usable capacity”; NetApp will provide only “Effective capacity”:
    • With dedup, compression, compaction, and 24 x 960 GB drives, the system provides ~50 TiB of effective capacity. 50 TiB is a pretty reliable, conservative number because it corresponds to even less than ~3:1 data reduction
    • The deduplication snapshot-sharing functionality introduced in previous ONTAP versions allows gaining even better efficiency
    • And of course FabricPool tiering can help to save much space
  • C190 comes with Flash bundle which adds to Basic software:
    • SnapMirror/SnapVault for replication
    • SnapRestore for fast restoration from snapshots
    • SnapCenter for App integration with storage snapshots
    • FlexClone for thin cloning.
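To illustrate the SnapMirror piece of the bundle, a minimal replication relationship is created from the destination cluster roughly like this. The cluster, SVM, and volume names are invented, and cluster & SVM peering is assumed to be in place already:

NDest::> snapmirror create -source-path SVM01:vol1 -destination-path SVM01_dr:vol1_dr -type XDP -policy MirrorAllSnapshots
NDest::> snapmirror initialize -destination-path SVM01_dr:vol1_dr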

A fixed configuration with built-in drives is, I personally think, an excellent idea in general, taking into account the wide variety of SSD capacities available nowadays, with even more to come. Is this the future format for all flash storage systems? For now, though, the C190 supports only 960 GB SSD drives, and the new mid-range A320 system can have more than one disk shelf.

A fixed configuration allows NetApp to manufacture & deliver systems to clients faster and to reduce costs. The C190 will cost sub-$25k in the minimum configuration, according to NetApp.

Also, in my opinion, the C190 can more or less cover the market niche left after the end-of-sale (EOS) announcement for the hardware and virtual AltaVault appliances (AVA, recently known under the new name “Cloud Backup”), thanks to FabricPool tiering. Cloud Backup appliances are still available through the AWS & Azure marketplaces. This is especially true now that FabricPool in ONTAP 9.6 no longer has a hard-coded ratio for how much data the system can store in the cloud compared to the hot tier, and allows write-through with the “All” policy.
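For reference, once an object store has been configured on the cluster (here assumed to be named s3_store), attaching it to an aggregate and enabling the “All” tiering policy on a volume looks roughly like this; the aggregate and volume names are examples:

NCluster::> storage aggregate object-store attach -aggregate aggr1 -object-store-name s3_store
NCluster::> volume modify -vserver SVM01 -volume backup_vol -tiering-policy all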

It turns out that information about “consumed” storage capacity is more comfortable to present in the form of effective capacity. All this usable capacity, garbage collection and other storage overheads, RAID and system reserves are too complicated, so hey, why not? I bet the idea of showing only effective capacity was influenced by vendors like Pure, which certainly have very effective marketing.

Cons

  • MetroCluster over IP is not supported on the C190, while the Entry-level A220 & FAS2750 systems do support MCC-IP with ONTAP 9.6
  • The C190 requires ONTAP 9.6, and ONTAP 9.6 does not support 7MTT.

Read more

Disclaimer

All product names, logos, and brands are the property of their respective owners. All company, product, and service names used in this website are for identification purposes only. No one is sponsoring this article.