We can operate Amazon FSx for NetApp ONTAP using System Manager via BlueXP, but can we manage things like SnapMirror relationship creation from this System Manager? Are there any features that are not available in FSx's System Manager compared to the on-premise System Manager? The intent of this question is to see if it is possible to configure SnapMirror between FSx and on-premise ONTAP storage using only System Manager.
... View more
Hello, I am a TSE engineer at Netapp, have a customer trying to create a new CVO instance using Azure premium keyvault services. He referenced this documentation here: https://docs.netapp.com/us-en/bluexp-cloud-volumes-ontap/task-set-up-azure-encryption.html#create-a-working-environment-that-uses-the-encryption-key On the step to list the keyvaults that were created, it is failing: Obtain the list of key vaults in your Azure subscription by using the following BlueXP API call. For an HA pair: GET /azure/ha/metadata/vaults For single node: GET /azure/vsa/metadata/vaults Make note of the name and resourceGroup. You'll need to specify those values in the next step. The error is "User is not allowed to do operation" Posting the issue here for assistance, as this KB specifies the Netapp APi is community supported https://kb.netapp.com/Cloud/Cloud_Volumes_ONTAP/Where_can_I_get_help_for_Cloud_Volumes_ONTAP_API_related_issues Any help is appreciated This is the actual call This call fails with user isn't allowed, etc curl --request GET --location 'https://cloudmanager.cloud.netapp.com/occm/api/azure/vsa/working-environments/VsaWorkingEnvironment-XFYfUPSU?fields=status,ontapClusterProperties.fields(upgradeVersions,nodes),reservedSize,saasProperties,complianceProperties,monitoringProperties,providerProperties' --header "Content-Type: application/json" --header 'x-agent-id: XXXXX' --header 'Authorization: Bearer '
... View more
When it comes to ransomware protection, your storage matters! Storage is the last line of defense, and NetApp is the most secure storage on the planet. BlueXP ransomware protection takes the on-box defense even further by leveraging ONTAP technology to make ransomware preparedness very easy, and recovery extremely fast (within minutes). The second half of 2024 has been a remarkable period for BlueXP ransomware protection, with the introduction of 13 new features and capabilities designed to enhance ransomware preparedness and resilience, with more flexibility, control, and efficiency. In this blog post, we’ll delve into these exciting new additions and explore how they can help secure your workloads and streamline your operations. Don't want to read? Watch the recap video instead! Expanded Support for Working Environments One of the most exciting updates is the expanded support for additional working environments, including Google Cloud Platform (GCP). Previously, BlueXP ransomware protection supported only on-premises network-attached storage and Cloud Volumes ONTAP in Amazon Web Services (AWS) and Microsoft Azure. With the inclusion of GCP, you can now protect your workloads stored in Cloud Volumes ONTAP across all three of the largest cloud providers. This expansion offers more options to secure your data wherever it resides, giving you greater flexibility in your data protection strategies. Google Cloud Platform as a Backup Destination In addition to supporting GCP for workload protection, you can now use GCP as a backup destination. This enhancement provides extra flexibility for your backup strategies, ensuring that your data protection is robust and adaptable. Enhanced Workload Identification and Security Risk Management BlueXP ransomware protection has integrated with BlueXP classification to identify workloads containing personal identifiable information (PII). This capability allows you to prioritize protection, assess privacy exposure during an attack, and decide which workloads to recover first. Moreover, the service now gathers information about security risks from NetApp Digital Advisor. This proactive approach helps you address vulnerabilities and enhance your overall security posture. Focused Workload Discovery and Custom Grouping You can now select specific working environments for workload discovery, ensuring you focus on protecting the most critical parts of your infrastructure. Custom grouping of workloads simplifies data management and protection, allowing you to manage workloads at scale and ensure consistent protection of all critical data. Advanced Threat Detection and Response To bolster threat detection and response, BlueXP ransomware protection has launched several significant new capabilities: Integration with Data Infrastructure Insight’s Storage Workload Security: This feature detects anomalous user behavior, allowing you to map suspicious activity to specific users and quickly mitigate potential security threats. Integration with Splunk Cloud Security Information and Event Management (SIEM): By sending data to Splunk Cloud SIEM for threat analysis and detection, you can enhance security through a widely-used platform, supporting coordination and communication across Storage and SecOps teams. Integration with Microsoft Sentinel SIEM: This integration offers another option for threat analysis and detection, further enhancing security capabilities and supporting collaboration between Storage and SecOps teams. Efficient Recovery from Attacks In the unfortunate event of an attack, BlueXP ransomware protection now offers new capabilities to facilitate quick recovery: Download a List of Impacted Files: You can download a list of impacted files as a CSV file, helping you quickly assess the extent of an attack and streamline the recovery process. File-Level Workload Restoration: This feature allows you to view and identify impacted files before restoring them, providing more granular control over recovery and ensuring that only necessary files are restored, saving time and resources. Enhanced Governance with Role-Based Access Control Governance of ransomware protection has been improved with enhancements to role-based access control. You can now limit access to specific activities, using two roles from BlueXP: BlueXP Account Admin and Non-Account Admin (Viewer). These enhancements provide better control over your ransomware protection strategies. Conclusion The new features and capabilities introduced in the second half of 2024 make BlueXP ransomware protection the easiest and most comprehensive ransomware defense at the storage layer. They offer more options, better control, and enhanced protection for your workloads. For more information, visit netapp.com/bluexp/ransomware-protection.
... View more
Hi team, We've deployed a private mode BlueXP Connector and Data Classification VMs to test the Data Classification product against one of our QA filers (sanqanascl100d). Our security team have run a Qualys scan against the Connector and Data Classification VMs. They have reported a redis vulnerability against the BlueXP Connector VM (hostname:sanadmbxp0001d) - specifically, "Redis Server Accessible Without Authentication detected on port 63791 over TCP". I've had a look at the containers running on the Connector VM and there's a Redis server running on a container called "ds_cc_charger_1". There is a redis server running in a container called ds_cc_charger_1 running from an image called cloudmanagerinfra.azurecr.io/cc_charger_app_and_redis:darksite which is listening on port 63791: the Qualys Vulnerability Scanning tool that has picked this up. I have to either get the reported vulnerability remediate or provide an explanation as to what the risk is and how big it is from a security point of view. It may require some kind of config change to be done on redis to alleviate this. Support case 2010284575
... View more
