ONTAP Hardware

Varonis and NTP QFS on FAS

gmilazzoitag
3,646 Views

Hi all,

for the moment I’ve few details for this issue has been reported me from a collegue of mine working in another site. For what I can tell you now software is running on a FAS 3170C with DoT 7.3

It seems that there’s an issue running both Varonis and NTP QFS on this system. As probably you know both product, NTP and Varonis, use separated NetApp “file policies” (fpolicy) that can interact with the external engine of reporter or that can act as source of control. Now it seems that under certain circumstances these two different but concurrent NetApp file policies cannot simultaneously run and the one or the other or both crash.

I would for now know if you are aware of issues on running on the same NetApp system both products or if there are some particular workaround that can be applied.

Thank you in advance,

Regards

1 ACCEPTED SOLUTION

giladr
3,646 Views

Hello,

NetApp is well qualified to run few simultaniusly fpolicies with different products, the only limitation to that is that you have to make sure that both products are configured to use the same "Sync/Async" configuration.

the Sync/Async config is determined by the product itself and not something you can change from the netapp fpolicy configuration.

when you type the fpolicy command on your netapp console you should expect something like this:

File policy test (file screening) is enabled.

File screen servers                P/S Connect time (dd:hh:mm)  Reqs    Fails
------------------------------------------------------------------------------
192.168.1.1    \\TEST        Pri    15:21:27            192624147        0

ServerID: 188        IDL Version: 1    SMB Request Pipe Name: \ntapfprq
        Options enabled: async, version2


Operations monitored:

make sure that both of your fpolicies shows the same (btw: when async doesnt show up it means that its in sync mode), trying to use each one of them with different settings will cause severe issues to the netapp.

I'm not too familiar with NTP or the way they configure their product to use fpolicy, but in Varonis you can definitely choose how the fpolicy will work (Sync/Async) via the Varonis gui.

Hope this helps.

View solution in original post

2 REPLIES 2

giladr
3,647 Views

Hello,

NetApp is well qualified to run few simultaniusly fpolicies with different products, the only limitation to that is that you have to make sure that both products are configured to use the same "Sync/Async" configuration.

the Sync/Async config is determined by the product itself and not something you can change from the netapp fpolicy configuration.

when you type the fpolicy command on your netapp console you should expect something like this:

File policy test (file screening) is enabled.

File screen servers                P/S Connect time (dd:hh:mm)  Reqs    Fails
------------------------------------------------------------------------------
192.168.1.1    \\TEST        Pri    15:21:27            192624147        0

ServerID: 188        IDL Version: 1    SMB Request Pipe Name: \ntapfprq
        Options enabled: async, version2


Operations monitored:

make sure that both of your fpolicies shows the same (btw: when async doesnt show up it means that its in sync mode), trying to use each one of them with different settings will cause severe issues to the netapp.

I'm not too familiar with NTP or the way they configure their product to use fpolicy, but in Varonis you can definitely choose how the fpolicy will work (Sync/Async) via the Varonis gui.

Hope this helps.

gmilazzoitag
3,646 Views

Hi,

this is a good starting point. And overall an unexpected so quick answer!

I'll pass the information "as is" and I'll let you know how things will go.

Thank you very much.

Bye,

Public