Tech ONTAP Blogs

One-click security hardening with Active IQ and Cloud Manager


NetApp® Active IQ® Digital Advisor simplifies the proactive care and optimization of NetApp storage by helping you uncover and address risk factors that can affect system availability and performance. From misconfigurations to best practice gaps, Active IQ is constantly looking for ways to improve system health.


One area Active IQ pays special attention to is security. It looks through all the security advisories to figure out which ones apply to your environment, how critical they are, and whether any remediation actions are available. Active IQ will also help make sure you are protected from ransomware.


AIQ Wellness Cards.png


And remember, Active IQ doesn’t just find potential issues, it helps you fix them. This could be prescriptive step-by-step guidance, or automated actions that are as simple as a few clicks.


For instance, security vulnerabilities can often be mitigated with a firmware update. Active IQ figures out which systems need an update and then uses Ansible playbooks to automatically update drive, shelf, and service processor firmware for each of those systems.


This month we added another automated fix that utilizes NetApp Cloud Manager to address a security best practice.


Recently, Active IQ was fully integrated into Cloud Manager creating a single management interface that combines Active IQ’s insights and guidance with Cloud Manager’s advanced data services and ability to address many of Active IQ’s recommendations.


A perfect example of this symbiotic relationship is one-click security hardening. Active IQ will check your entire fleet to see if ONTAP management protocols are in FIPS 140-2 compliance mode. FIPS compliance mode provides more secure and restrictive protocols, algorithms, and cipher suites that reduce the attack surface of the ONTAP system by eliminating connections that are more vulnerable to hackers. If it finds one or more clusters where this setting is disabled, you will see an alert in Cloud Manager and be able to make the needed cluster configuration change using the AppTemplate feature. 


CM FIPS Alert.png


CM-FIPS AppTemplate.png


Check back soon for a 2-minute video that shows you exactly how this new feature works.


Active IQ and Cloud Manager are a powerful combination, and we will continue to roll out new features that combine their ability to provide insights and take actions to improve storage health and simplify storage administration.


You can learn more about ONTAP guidelines and configuration settings that help your organizations meet prescribed security objectives in this technical report: Security hardening guide for NetApp ONTAP 9