Is there a best practice or reference architecture for a MetroCluster like configuration on Azure NetApp Files? I can think of synchronously mirroring between availabilty zones, etc. Customers are asking how their on-prem MetroCluster can be setup in Azure with similar functionality. Thanks for any input
... View more
Hi We have FAS8040 with ONTAP 9.5 with a CIFS server. It has the following security settings: Vserver: SVM_CIFS Kerberos Clock Skew: 5 minutes Kerberos Ticket Age: 10 hours Kerberos Renewal Age: 7 days Kerberos KDC Timeout: 3 seconds Is Signing Required: false Is Password Complexity Required: true Use start_tls for AD LDAP connection: false Is AES Encryption Enabled: false LM Compatibility Level: lm-ntlm-ntlmv2-krb Is SMB Encryption Required: false Client Session Security: - SMB1 Enabled for DC Connections: system-default SMB2 Enabled for DC Connections: system-default LDAP Referral Enabled For AD LDAP connections: false Use LDAPS for AD LDAP connection: false After we've changed msDS-SupportedEncryptionTypes of SVM_CIFS in AD from 6 to 28 authentification via Kerberos ceased to work. I can see from the settings that AES is not enables but as far as I understood, RC4 is enabled always. Taking into account that RC4 is present in 6 and 28 and it works with 6 but not with 28 I can make a conclusion that only DES can be used by NetApp in our case. Any explanations why it could happen? Any ideas on how to debug it? Thanks msDS-SupportedEncryptionTypes: 6 (DES_CBC_MD5 | RC4_HMAC_MD5) 28 (RC4_HMAC_MD5 | AES128_CTS_HMAC_SHA1_96 | AES256_CTS_HMAC_SHA1_96)
... View more
This is the next post in an ongoing series, tracking major issues with the System Manager GUI that began with 9.8. There were incremental improvements in 9.9.1 and 9.10.1. I've now upgraded to 9.11.1 and while there is one area of major improvement (Snapmirror job creation) - it still isn't fully back to pre-9.8 functionality and thus I still can't use the GUI. This is a list of issues I still have with 9.11.1, most of which are unchanged from 9.9.1. Starting to think this is a lost cause when so few fixes have been added in four versions, but at least there are a few and maybe there will be more. Several months ago, I spent days rewriting all of our documentation to instruct fellow admins to use the command line rather than the GUI to perform basic tasks, and unfortunately that still needs to be the case at this point. SnapMirror Job Creation – vast improvement over 9.10.1, but still can’t set the target volume’s size, autosize settings, or percent-snapshot-space amounts Aggregate Percent Full – restore the % full column in the Aggregate (i.e. “Tier”) list. It was so easy for 10+ years to just glance and know % full for each aggregate, and now you have to eyeball it and guess. I use this stat frequently. I can get it from ActiveIQ Unified Manager but would like to have it here also. To me this is very basic. It’s a storage product and you want to know the % of storage used! Volume Percent Full – at least the Volume list can add a Percent Full column back, but you have to do it every time. There’s no way to save a view. Would request either restoring the column permanently or at least allowing us to save a view. I use the % full column frequently. Again, this is as basic as it gets for a storage product! Volume Resize Autosize Amount – previously, going back 10+ years, when you resize a volume the autosize amount automatically adjusts to 20% of the new volume size. In the new GUI, the autosize amount doesn’t change. You have to pull out the Calculator and manually recalculate it. Considering we have autosize turned on for EVERY VOLUME, this is a major pain point considering the fact that resizing is the most common task we perform on a weekly basis. Subnets - restore the ability to manage subnets in the GUI. Efficiency Details – cannot view compression and deduplication job status and statistics on a per volume basis. I used this constantly pre-9.8. Command line commands for this are not clear and easy post-9.8. Efficiency Policies Non-AFF Systems – when editing a volume to change the efficiency policy, you don't see the list of policies available at the cluster level. The only choices are Default and None. Previously, all cluster and SVM level policies were shown as options. We have always configured our policies at the cluster level and used them across SVMs, so this is another case of having to go to the command prompt. AFF Systems – even worse, there is no option to configure efficiency settings on AFF systems. While we leave the auto policy on most volumes, we’ve discovered that adding scheduled efficiency on NFS datastores and a few other volume types provides additional savings beyond inline/auto, so we would like the ability to schedule this to remain available. The only option available is the very confusing "Enable Higher Storage Efficiency" option. Creating Volumes in an SVM Hosting iSCSI LUNs - restore the ability to create volumes in an SVM hosting iSCSI LUNs in System Manager. To put it mildly, this is an extremely basic capability :). Volumes should always be created separately from LUNs, because LUNs should be created in SnapCenter, not System Manager (in 99% of cases). LUN Display in SAN Initiator Groups - restore the LUN ID column to the list of LUNs when you click a SAN Initiator Group. Also, fix the list of LUNs so complete LUN names appear instead of each one being truncated, with no ability to resize a column to see the entire LUN name. Fix the Following Issues in the LUN Creation Wizard The volume and LUN are created with the same size, leaving no space in the volume for snapshots. No option to change autosize / autodelete options until after the fact. I strongly dislike the default options. The phrase "Name Prefix" makes no sense. Should just be "Name". Under initiator group, why isn't there an option to create a new initiator group that isn't part of an existing initiator group? That's what I would need over half of the time, and it's not an option. The Enable SnapMirror functionality is awful. You have to choose the "Asynchronous and Synchronous policies could not be retrieved" "policy" to even see that you have the option of choosing the correct destination cluster and SVM. Significantly worse is that the drop-down protection policy list doesn't include custom policies. We use a custom policy for EVERY SnapMirror job, making this wizard useless. Event Log You only get the full text of an event when you point to it, in a tool-tip format. Expanding it doesn’t give you the full text either. It is critical to be able to select/copy/paste events so they can be sent word for word to NetApp Support and searched on Google. Warnings don't automatically clear after 24 hours like they used to. I have one warning from a volume move that I cancelled a couple of days ago, and it's still here. This will obscure my noticing of any new warnings going forward. When trying to filter the Events Log to show more details about the warning message, I noticed that there is no Warning severity level to filter with! It says "Warning" on the front page and on the top of the Events page, but when you filter the only options are Emergency, Alert, and Error.
... View more
Service processor upgrade from firmware version 5.9 to 5.11 is major or minor upgrade? Please help with the answer and reference document from NetApp.
... View more
We are on OnTAP 9.11.1 now and I'd like to provide documentation for our Help Desk on using Fast Directory Delete, if there are any instructions per-se. Is this just a matter of our enabling the feature on the applicable volume by following the procedure in the link below, and then the Help Desk admin (or end user) simply deleting the folder with a zillion files? And it should delete fairly rapidly? Is it that simple or is there more to it? Thanks in advance! https://docs.netapp.com/us-en/ontap/flexgroup/manage-client-async-dir-delete-task.html#enable-client-asynchronous-directory-delete
... View more