2010-11-24 06:11 AM
Yeah, maybe it is a secret new tool that is being released from NetApp in the near future, and maybe it is not!
But as you mention, it is used in a very specific manner in this NUG conference, and this led me to ask about it.
I will try and hunt down the BNUG author and ask them about it.
2010-11-25 07:06 AM
These commands 'snapcompress', 'snapencrypt' and 'snaptrust' don't exist.
They come from ideas at NorthgateArinso about features missing on NetApp that 'our' business (and also other ones) required. We presented them last year at an internal NetApp conference/meeting.
As I see, some people are interested ... good, hoping NetApp will in the future integrate this type of feature.
Only compress is available --> need to request this from NetApp --> license (free).
For encryption, it is possible with the last shelf model --> but the problem with this is that everything is encrypted --> use the disk encryption feature (limited features).
2010-11-25 09:08 AM
Interestingly enough, purely from a mathematical standpoint compression & encryption are *very* similar.
Hmm, compression is here, so is encryption on the filer just around the corner?
That would be very nice, as we've lost at least one deal purely due to a competitor's offering including 'data at rest' encryption (financial sector, so not a big surprise...)
2011-12-15 08:01 AM
Some years ago I discussed the commands snapcompress and snapencrypt. At that time these commands didn't exist and I was hoping that they would be available in the future (now ...), but it is still not the case. It is a shame.
More and more businesses want to optimize their storage (space efficiency, I/O, CPU on the heads ...) and are looking to compress the data and also secure access to the data (business requirements, new laws ...), but this is still not easy to implement and still requires extra boxes/software.
Why is this not available? SIS/dedup is very good. You can use it on primary data, compared to other vendors that only do it (or recommend it) on secondary/offline data. NetApp has the same approach now for compression.
I wish so much for this approach, to have all these features on a box and not need an extra box ... where is the speech of NetApp: simplify storage management? Maybe next year, maybe in some years ... maybe never ...
2011-12-15 08:28 AM
- On the level of encryption, NetApp delivers encryption at disk level on ONTAP 8.1 RC3 minimum. Why at disk level?
Because it relies on self-encrypting disk drives. Have a look at this doc for more details: https://fieldportal.netapp.com/ci_getfile.asp?method=1&uid=7178&docid=29445
This doc also shows what else is / will be available regarding encryption of data on NetApp: https://fieldportal.netapp.com/ci_getfile.asp?method=1&uid=7178&docid=32623
(both docs are available to NetApp & NetApp partners only)
2011-12-15 08:44 AM
Thanks for the fast response. But I don't care about self-encrypting disk drives. Actually, you have to encrypt all your disks in the shelves/aggregates on the head. So for your backup you also have to encrypt all your SATA disks. If the data/block is encrypted by ONTAP, the data is secure and can be replicated with snapmirror between data centers in a secure way, and the block should be decrypted on the target because snapmirror should also sync the key used to encrypt the volume.
Also, if you don't use encrypted disks you can use DataFort. When we requested info on it, they didn't know if they would still continue it or what the future was (10 Gb supported or not). For your info, we use only NAS features for all our databases on NFS.
It also means that you have to add boxes (cables, software, knowledge, ...) and the COSTS!!! ... simplify storage??? Dedup on volume is the best approach and encryption should work in the same way = use a feature or not = a simple command.
If I want to listen to a CD in my car, I don't need to buy a radio that costs as much as the car.
2011-12-15 08:51 AM
Hey, don't shoot the messenger, okay?
Data encryption at rest on the box (or on the disk) protects against one corner case only - actual disk theft (so probably not a major concern for most DCs!)
If it makes you feel any better, EMC implementation is equally, hmm, limited - the whole array, or nothing: http://www.emc.com/collateral/hardware/white-papers/h8073-symmetrix-data-at-rest-encryption-wp.pdf
2011-12-15 10:03 AM
No, I will not shoot the messenger ... it is good to share opinions & experience.
But I think the customer should be able to select the options/way of doing the job and the consequences: dedicated box (performance, no head impact, ...), in-the-box function (use a command to activate it, could have performance impact, ...)