Tech ONTAP Blogs

ONTAP FPolicy Performance Dashboard


A few months ago I published a blog post about "Why you need to monitor ONTAP FPolicy performance"; that post showcased a dashboard under development back then. The FPolicy dashboard has since been published to the Cloud Insights dashboard gallery, so here we go with another post on why and how to use it. NetApp FPolicy (derived from the name “File Policy”) is a file-access notification framework that you use to monitor and manage file access over the NFS or SMB/CIFS protocol. It’s been part of ONTAP for over a decade, and it’s incredibly useful in helping you detect and prevent ransomware. External mode integrates with external services (Such as Cloud Secure) that provide security and access auditing. Storage administrators want to understand the impact of the FPolicy external mode workload on the ONTAP system—additional workload from FPolicy might increase I/O latency and change the cluster IOPS optimal point. Security administrators want to understand how well their tools are working and plan for capacity growth.


If you're already monitoring ONTAP in Cloud Insights, getting started is easy (and if you're not, what are you waiting for? You can be up and running with a free trial in no time at all). Just navigate to the dashboard gallery and select the FPolicy dashboard to automatically add it to your tenant:


Once added, you can view the dashboard and customize it so that is includes only the information relevant for monitoring the services dependent on FPolicy. This is enabled via the variable preconfigured on the dashboard that enables filtering by ONTAP cluster. We collect six metrics for FPolicy including latency and number of requests - these are available at whole cluster level as well as broken out by external consumer. The dashboard looks like this:




This dashboard covers a number of scenarios:

  • Making changes to a tool using FPolicy - understand the impact of changes
  • Analyzing how FPolicy usage is impacting ONTAP Performance
  • Adding application monitoring for IT service end-to-end visibility

Here is an example of adding CPU Utilization, IOPS and Swap rate for an application VM:




Every metric in Cloud Insights can also be monitored and generate alerts. Here are a couple of possibilities for alerting for FPolicy, one directly using the FPolicy counter and one focused on the VM hosting a service consuming FPolicy:


  • High FPolicy Latency - if you see metric netapp_ontap.fpolicy.max_request_latency go higher than a few seconds consistently over a few hours your application is probably configuring FPolicy to collect too many events
  • High IT service VM processor utilization - if you see the metric above 95% over too long a period, your application may have a problem

How would you use this dashboard in your environment? What customization would enable IT service  monitoring? Questions or requests? Post a comment and we will respond.