Introducing ONTAP-mode for NetApp Volumes
Flex Unified on Google Cloud NetApp Volumes (GCNV) gives you the flexible capacity and performance scaling you expect from a cloud file service, plus a rich set of data management features. A key part of that is how you manage your storage: Flex Unified supports two management modes with different paradigms—Default-mode and ONTAP-mode. This post introduces ONTAP-mode and when it’s the right fit for your workloads.
Two Modes, One Storage Layer
In Default-mode, you manage everything through native Google tooling: Cloud Console, gcloud, Google APIs, and the google Terraform provider. Volumes, access management, and data services are configured the “Google way,” with a curated feature set and best-practice defaults so you can get up and running quickly.
In ONTAP-mode, the storage pool is still provisioned and managed through Google tooling (Cloud Console, gcloud, APIs, Terraform). Once the pool is created, however, resources inside the pool—volumes, replications, access control, and many other features—are managed through the ONTAP API or ONTAP CLI. You get a Google-managed pool with the full power of NetApp’s ONTAP operating system at your fingertips.
Both modes run on the same storage layer. You can set and dynamically increase pool capacity, configure throughput and IOPS, enable auto-tiering to move cold data to slower but cheaper tiers, and choose between Google-managed or customer-managed data encryption at rest. Pools are available in zonal or regional configurations, and zonal pools can use large-capacity options for EDA/HPC/ML workloads with higher capacity and performance scaling requirements.
Why ONTAP-mode?
Default-mode delivers a subset of the most relevant ONTAP capabilities, packaged as an easy-to-use service and tuned to best practices for common use cases. Many customers never need more than that.
ONTAP-mode is for teams that need more: a broader feature set and finer control. If your requirements include immutable data archiving, cybersecurity protection, or workflows you’re already running on ONTAP on-premises, ONTAP-mode lets you apply the same ONTAP features and patterns in Google Cloud. You keep the benefits of a managed pool (provisioning, capacity, performance, encryption) while customizing behavior inside the pool to match your policies and tools.
What ONTAP-mode Unlocks
Here are some of the additional capabilities you get in ONTAP-mode:
- Anti-Virus scanning — Connect volumes to a dedicated AV scanner farm for on-access scanning and access blocking, so infected or suspicious files can be detected and blocked at the storage layer.
- Autonomous Ransomware Protection (ARP) — Use workload analysis on NFS and SMB traffic to detect abnormal activity, so you can get early warnings and respond before ransomware can do lasting damage.
- SnapLock volumes — Create WORM (Write Once, Read Many) volumes so data cannot be deleted, changed, or renamed for a retention period.
- LDAP integration — Bind volumes to your LDAP servers for central identity management and extended group support, aligning file access with your existing directory and security model.
- And more — ONTAP-mode exposes a wide range of additional ONTAP features so you can build the exact data lifecycle and protection model your organization needs.
How to Manage ONTAP-mode
Pool lifecycle stays in Google’s world: create, resize, and manage the Flex Unified pool via Cloud Console, gcloud, Google APIs, or the Google Terraform provider. Capacity, performance, encryption, and availability are all controlled there.
Resources inside the pool are managed via ONTAP. You can use the ONTAP REST API through Google API proxies (with examples for crafting API calls), or—often simpler for operators—the gcloud ONTAP CLI proxy. Efforts to make the netapp-ontap Terraform provider work with ONTAP-mode pools are also underway.
Using the gcloud ONTAP CLI proxy
You don’t connect to the ONTAP CLI over SSH. Instead, you send ONTAP CLI commands to your storage pool using gcloud; the command is proxied through Google APIs to your ONTAP-mode pool. The advantage is you don’t need direct network access to the pool, but can run the command from anywhere through an authenticated gcloud command, just like with other Google services.
Note: The CLI command is filtered to block disallowed ONTAP actions. See Allowed ONTAP actions for details. The API call is logged in Cloud Logging for audit and troubleshooting.
gcloud netapp storage-pools execute POOL-NAME "ONTAP-COMMAND" \
--project=PROJECT \
--location=LOCATION \
--storage-pool=POOL-NAME
Learn More
If your workloads need the full ONTAP feature set and you’re comfortable managing ONTAP, ONTAP-mode on Flex Unified gives you that power on a fully managed Google Cloud pool. We’re excited to see how you use it.
