NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

Hyper-V over SMB

NetApP_3260
2,132 Views

I am planning to build NetApp in a Hyper-V over SMB.

 

The documentation states that both Kerberos and NTLMv2 authentication must be allowed, and that NTLMv2 authentication will be used in the remote VSS process.

 

If we are not using a VSS-linked backup solution, will NTLMv2 authentication be used?

 

The ONTAP version is not CVE-20122-38023 compliant. Is there a need to upgrade the version?

2 REPLIES 2

Ontapforrum
2,072 Views

It's a good question and I get your point.

 

I think I read somewhere that - "ONTAP does not advertise the Kerberos service for Remote VSS; therefore, the domain should be set to allow ntlmv2."

 

So, you just want to run the hypver-v VMs on file-share (SMB3.0) and without their protection for vss-aware-applications?

 

Regarding - CVE-2022-38023:
If you are purely 'kerberos' authenticated environment, this advisory will not impact. But, for your hyper-v envrionemnt, b'cos ONTAP does not advertise the Kerberos service for Remote VSS, it needs to be enabled. And, if you enable this service, then you must comply with the patched ONTAP version otherwise, Domain (RequireSeal:2 is set) will reject it.

 

Does CVE-2022-38023 have any impact to ONTAP 9?
https://kb.netapp.com/onprem/ontap/da/NAS/Does_CVE-2022-38023_have_any_impact_to_ONTAP_9

 

I would raise a ticket with NetApp to find out how to deal with this? and if you get feedback then please do share with us.

NetApP_3260
2,021 Views

Thank you for your response.
Yes, just using NetApp's SMB share as a Hyper-V datastore,
There is no protection implemented in the application using the VSS.

Public