Subscribe

Re: SnapCompress & Snap Encrypt

Yeah maybe it is a secret new tool that are being released from NetApp in the near future, and maybe it is not !

But as you mention it is used in a very specific manor in this NUG conference, and this led me to ask about it.

I will try and hunt down the BNUG author and ask them about it.

Best Regards

Petter Glenstrup

Re: SnapCompress & Snap Encrypt

Hi,

these commands 'snapcompress', 'snapencrypt' and 'snaptrust'  doesn't exist.

They are comming from ideas at NorthgateArinso about missing features on Netapp and that the 'our' business (and also other ones) required. We have present them last year at internal Netapp conference/meeting.

As I see some people are interested ... good hopping Netapp will in the future integrate this type of features.

Only compress is available --> need to requets this to Netapp --> license. (free)

For encryption, it is possible with the last shelf model --> but the problem with this is that everything is encrypted --> use the disk encryption feature (limited features).

Regards,

Eric

Re: SnapCompress & Snap Encrypt

Interestingly enough, purely from a mathematical standpoint compression & encryption are *very* similar.

Hmm, compression is here, so is encryption on the filer just behind the corner?

That would be very nice, as we've lost at least one deal purely due to a competitor's offering including 'data at rest' encryption (financial sector, so not a big surprise...)

Regards,
Radek

Re: SnapCompress & Snap Encrypt

Hi,

Some years ago I discuss about command snapcompress and snapencrypt. At this time these commands didn't exist and I was hoping that they will be available in future (now ...) but it still not the case.  It is a shame.

More and more business want to optimize their storage (space efficiency, I/O, CPU on the heads... ) and are looking to compress the data and also secure the access to the data (business requirement, new law ...) but still not easy to implement and still require extra boxes/softwares.

  1. On the level on encryption, Netapp delivers encryption on disk level on Ontap 8.1 RC3 minimum. why on disk level ? why could I not decide which volume required encryption related to policies like for RTO/RPO (snapshots, snapmirror, snapvaults, ...). I would like to decide that this volume contains critical data ... (HR data , ...) and should be secure.
    I would find wonderful a command like : snapencrypt /vol/volname  <key_length> <cypher>.
  2. On the level on compression, compression is also available on Ontap 8.1. But Netapp doesn't recommend to use it in production. Why ? due the fact it can use/kill your CPU on the heads.
  3. Why Netapp doesn't use additional dedicated card like GPU. If Ontap dectect the card it will send automatically the encrytpion/decryption, comrpess/decomress to this card. It will go faster and will relieve the heads's CPU.

Why is this not available ? SIS/dedup is very good. You can use it on primary data compare to other vendor that only do it (or recommend) on secondary/offline data. Netapp has the same approach now for the compress.

I wish so much this approach, to have all these features on a box and don't need extra box ... where is the speech of Netapp : simplify storage management ? Maybe next year, maybe in some years ... maybe never ...

Regards,

Eric

Re: SnapCompress & Snap Encrypt

Hi Eric,

  1. On the level on encryption, Netapp delivers encryption on disk level on Ontap 8.1 RC3 minimum. why on disk level ?

Because it relies on self-encrypting disk drives. Have a look at this doc for more details: https://fieldportal.netapp.com/ci_getfile.asp?method=1&uid=7178&docid=29445

This doc shows also what else is / will be available regarding encryption of data on NetApp: https://fieldportal.netapp.com/ci_getfile.asp?method=1&uid=7178&docid=32623

(both docs are available to NetApp & NetApp partners only)

Regards,

Radek

Re: SnapCompress & Snap Encrypt

Hi,

thanks for the fast response. But I don't care about self-encrypting disk drives. Actually you have to encrypt all your disk in the shelves/aggregates on the head.  So for your backup you have to encrypt also all your SATA disk for your backup. If the data/block is encrypted by Ontap, the data is secure, can be replicate with snapmirror between data center in a secure way and the the block should be decrypted on the target because the snapmirro should also sync the key used to encrypt the volume.

Also if you don't use encrypt disk you can use DataFort. when we request info it, they didn't know if they still continue it, what was the future (10 Gb supported or not). For you info we use only NAS features for all our database on NFS.

It means also that you have to add boxes (cables, software, knowledge, ....) and the COSTS !!!  ... simplify storage ??? Dedup on volume is the best approach and the encryption should work in the same way = use or not a feature = a simple command.

If I want to listen CD in my car , I don't need to buy a radio that cost so much than the car

Regards,

Eric

Re: SnapCompress & Snap Encrypt

Hey, don't shoot the messenger, okay?

Data encryption at rest on the box (or on the disk) protects against one corner case only - actual disk theft (so probably not a major concern for most DCs!)

If it makes you feel any better, EMC implementation is equally, hmm, limited - the whole array, or nothing: http://www.emc.com/collateral/hardware/white-papers/h8073-symmetrix-data-at-rest-encryption-wp.pdf

Re: SnapCompress & Snap Encrypt

No I will not shoot the messenger ... it is good to share opinion & experience.

EMC huummmmm

But I think the customer should be able to select options/way of doing the job and the consequence : dedicated box (performance, not head impact, ...), in-the-box fonction (use command to activate it, could have performance impact, ...)

Regards,

Eric