I originally had Data Collectors setup in Cloud Insights using cluster admin credentials. I just followed the steps at https://docs.netapp.com/us-en/cloudinsights/task_add_collector_svm.html#a-note-about-permissions in the "Permissions when adding via Cluster Management IP:" section and the cmddirs in the role that was created all match and the ssh and ontapi access were granted, but when I switched the credentials in the collector to this new account the collectors fail and I get this when I test the connection "Configuration: Failed to execute test command on device - NetApp ONTAP zapi communication failed: cluster-identity-get failed: Insufficient privileges: user 'csuser' does not have read access to this resource." Oriole::> security login role show -vserver Oriole -role csrole
Role Command/ Access
Vserver Name Directory Query Level
---------- ------------- --------- ----------------------------------- --------
Oriole csrole DEFAULT none
event catalog all
event filter all
event notification all
event notification destination all
network interface readonly
security certificate all
version readonly
volume readonly
volume snapshot -snapshot cloudsecure_* all
vserver readonly
vserver fpolicy all
12 entries were displayed. Oriole::> security login show -role csrole
Vserver: Oriole
Second
User/Group Authentication Acct Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------ --------------
csuser ontapi password csrole no none
csuser ssh password csrole no none
2 entries were displayed.
... View more
Hi community! I´m a new in the container world but i would like to test Cloud Insights to monitor a Kubernetes local environment (installed by K3d wrapper). Is it possible? I have to do any specific configuration for it? Thanks in advance!
... View more
While other storage systems may provide some ransomware protection, they do not provide protection from insider threats. NetApp® storage systems are different. Very different. We are unique in the use of AI/ML to build a “normal access” profile for each user then monitor all user actions to spot any behavioral anomalies that indicate a possible threat (either malicious or accidental), then use automatic policies to stop an attack before it causes even more damage. Zero trust = zero tolerance By establishing a zero-trust architecture, you're not solely reliant on a trusted internal network. Many insider threat incidents that compromise your data can be caused by negligent or careless individuals who are already trusted members of the network. The zero-trust approach is key to stepping up your security and protection. This means that whenever unusual behavior is noticed — even from the CEO — quick action to block those users to prevent further data theft or file damage is initiated. These actions are just the first step. It can also help an enterprise by: Inspecting and analyzing all data access activity in real-time to detect malicious behaviors Zeroing in on the source of the suspicious behavior and attacks Alerting you immediately of a potential attack in progress Protecting user data and providing a safe restoration point if there’s a potential breach Increasing the speed at which you’re able to identify and recover potential damage Decreasing downtime While ransomware gets most of the attention in compromising critical data, Insider Threats are actually more costly to remediate due to the reported frequency of these incidents. The average ransomware incident remediation cost is around $1.4M, but the Insider Threat cost, while lower on a per-incident basis, is many times higher overall. The average organization remediation cost is approximately $15.4M per year. Ransomware protection is good, but it is only one part of the equation; NetApp is unique in providing storage systems protection, at the storage level, from insider threats, adding an additional layer of defense for business-critical data. Cloud Insights – Infrastructure Monitoring | NetApp
... View more
Hey all, In the Cloud Insights world, we now have twp approaches for discovering Dell / EMC Symmetrix arrays - why, and which is right for you? Historically, we have had a Symcli + SMI-S approach: +s = We support many generations of hardware. We have access to rich, deep configuration information. We have individual, per volume statistics -s = We only have performance information at a 15 minute granularity, per EMC's SMI-S limitations. Managing Solutions Enabler version matching rules can be tedious. In prior years, we would occasionally look at Unisphere: +s = No CLI version matching pain. Unisphere present via embedded instances on newer arrays. Performance data at a 5 minute granularity -s = Thin inventory API compared to the richness of the CLI. No per volume statistics whatsoever But we are now at the point where 2 very important things happened: SMI-S was announced as deprecated, and is gone in Solutions Enabler 10.0+ Unisphere 10.0+ has added per volume statistics. We are now at the point where we have taken the "Preview" label off our Unisphere collector, and we view it as production ready for these scenarios: Vmax 3 All Flash PowerMax 2000 + 8000 PowerMax 2500 + 8500 We support these platforms with this collector type via Unisphere 9.2+. BUT, only with Unisphere 10.0+ will you additionally get per volume statistics This may mean your organization will want to deploy Unisphere 10.0+ instances to facilitate harvesting of volume statistics if your array's embedded instances of Unisphere are 9.2, and cannot be upgraded to 10.0+. The CI collector will discover ALL the "local" arrays on a Unisphere instance, meaning if any of the arrays on it have a SRDF replication relationship to a "remote" array, the CI collector will implicitly ignore that remote array. To discover the remote array, simply deploy an additional Unisphere collector pointed at the appropriate Unisphere instance that sees that array as local. Questions you may have: What functionality will I lose by migrating? Nearly none - certainly from a performance standpoint, you are going to move to 5 versus 15 minute statistical granularity, which is a nice win. Any missing inventory/configuration aspects are likely trivial in comparison to the ease of use benefits and improved performance granularity. How should I actually migrate? Both the CLI+SMI/S and Unisphere collectors both support include and exclude capability. Imagine collector 1 is a CLI+SMI-S instance discovering arrays A,B,C. A is a legacy Vmax 200 that is going away in 6 months, and we want to leave as is for now, until the decommission. Arrays B and C are more current, and monitored by a Unisphere 10 instance. Steps: Leave collector 1 alone for the moment. Deploy collector 2, a Unisphere collector. When 2 has discovered both array B and C, we have 2 active collectors discovering the same 2 arrays B and C. This is NOT a long term state you want to be in. Edit collector 1: Toggle the "Include" option, and fill the list with the "Sym-$Aserialnumber" for array A OR Toggle the "Exclude" option, and fill the list with the "Sym-$Bserialnumber, Sym-$Cserialnumber" for arrays B and C OR Save collector 1, force a poll. What should happen with EITHER of these new include/exclude approaches is that you are telling CI that collector 1 is either to: Only to discover A Discovery any array that is NOT B NOR C When collector 1 finishes , CI will realize that collector 2 is now the source of truth for arrays B and C. This approach should provide a seamless migration Matt
... View more
hello team, we are evaluating Cloud Insights as a platform to monitor multiple customers that we manage. during the first sign up , an organization is created and within the organization we can add multiple data collectors. as we are managing multiple customers, is it possible to have multiple organizations (one for each customer) under the same Cloud Insight account (dashboard). if no we need to create different Cloud insight accounts each one with a different email address or we can use the same one? we want to avoid having all customers under one organization because the info will all be together. thanks, Manolis
... View more
