BlueXP workload factory is an intelligent automation, management, and optimization service that implements industry best practices in the design, setu ...
NetApp volumes added support to manage the local Administrators group of the SMB server. This article will explain what local groups are, what they are good for and how to manage them.
StorageGRID provides several ways to encrypt your data at rest, including the use of external key management servers. We have partnered with Entrust to add their KeyControl product to the lineup of supported key management solutions for StorageGRID node encryption. KeyControl provides a highly available, decentralized, vault-based solution that is compliant with the Key Management Interoperability Protocol (KMIP). This makes KeyControl an excellent option for StorageGRID. For more information on KeyControl and to try it for yourself, please visit their website. For installation and configuration instructions, please read the KeyControl online documentation. You should also read through the StorageGRID documentation relating to encryption and KMS configuration.
Let’s walk through a basic implementation with a single site StorageGRID solution containing a mix of virtual appliances and a physical appliance. Only the physical appliance will be encrypted with a key from two KeyControl servers.
Once you have chosen your KeyControl deployment method and have the desired number of clustered KeyControl servers installed, it is time to create a new vault.
In KeyControl, this is as simple as clicking the “Create Vault” button.
Fill in the details for the vault.
Choose “KMIP” for the Type of vault
Give the vault a name
Add an optional description
Provide an admin name and email (the email address will be the login name)
Click on the create vault button and when the vault has been created, a window will pop up containing the link to the Vault URL, username, and a randomly generated temporary password. Make sure you copy out these items as you will need them for the remaining steps.
Open the Vault URL and log in with the provided credentials. You will be prompted to set a new password and log in with the new password.
Once logged into the vault, click on the large Security icon in the middle, and then on Client Certificates to create the certificate bundle required to authenticate StorageGRID to the KMS.
In the Client certificate window, click on the “+” to create a new certificate.
In the Certificate creation window, provide a name for the certificate, and an expiration date. We will not have a CSR to upload and do not check the boxes for Authentication or Encryption. Click the Create button and the new certificate will be generated and appear in the Manage Client Certificate list.
Select the new certificate and click on the download button. Unzip the certificate package and you will have two .pem files: cacert.pem and certificate_name.pem. The named certificate file is a combined certificate and key that will need to be separated out into individual files with the Key text (highlighted in blue) as a new file named certificate_name.key. The “Bag Attributes” and “Key Attributes” sections are optional.
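The separation step above can be scripted. The following is an added example, not part of the original article or of KeyControl or StorageGRID tooling: it splits a combined PEM bundle into a certificate file and a key file, drops the optional attribute text, and creates the key file readable by its owner only. The function names, the `.cert.pem` output name, and the sample bundle (placeholder base64, not a real key) are assumptions made for illustration.

```python
import os
import re
from pathlib import Path

# Matches one PEM block; text outside blocks (Bag/Key Attributes) is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

# Constructed sample bundle: the base64 bodies are placeholders, not real keys.
SAMPLE = (
    "Bag Attributes\n    friendlyName: constructed-example\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    "Key Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\nTk9UQVJFQUxLRVk=\n-----END PRIVATE KEY-----\n"
)

def split_bundle(text):
    """Return (certificate_pem, key_pem) from a combined PEM string."""
    certs, keys = [], []
    for match in PEM_BLOCK.finditer(text):
        block = match.group(0).replace("\r\n", "\n") + "\n"
        if match.group(1) == "CERTIFICATE":
            certs.append(block)
        elif match.group(1).endswith("PRIVATE KEY"):
            keys.append(block)
    # A client bundle should hold exactly one key; anything else is suspect.
    if len(keys) != 1 or not certs:
        raise ValueError(
            f"expected 1 key and at least 1 certificate, "
            f"found {len(keys)} key(s) and {len(certs)} certificate(s)")
    return "".join(certs), keys[0]

def write_split(bundle_path, out_dir):
    """Write <name>.cert.pem and <name>.key (the cert file name is an assumption)."""
    bundle = Path(bundle_path)
    cert_pem, key_pem = split_bundle(bundle.read_text())
    cert_path = Path(out_dir) / f"{bundle.stem}.cert.pem"
    key_path = Path(out_dir) / f"{bundle.stem}.key"
    # O_EXCL refuses to overwrite; mode 0600 keeps the key owner-only from creation.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(key_pem)
    cert_path.write_text(cert_pem)
    return cert_path, key_path
```

Run `write_split("certificate_name.pem", ".")` in the directory where the downloaded package was unzipped, then remove the combined file once the two outputs have been uploaded.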
We are now ready for the StorageGRID configuration. For an appliance to use node encryption with an external KMS, it must be set at the time the appliance is installed. From inside the installer UI, select the Node Encryption menu item under the Configure Hardware Tab, check the box to enable node encryption and save. Repeat this step for all nodes to be encrypted. The node is now ready to be joined to the StorageGRID solution.
Once the node or nodes are all installed and part of the grid, you can configure StorageGRID to use the KeyControl cluster as the KMS.
On the StorageGRID management UI under the Configuration tab, click on the Key management server menu item in the Security column.
Click the Create button to add the new KeyControl KMS.
In the details for the new KMS configuration, provide a name to identify the KMS; an encryption key name (either the name of a key that already exists in the KeyControl vault and that you wish to use, or the name of the new key that this process will create); the site to be managed by this KMS, or all sites not managed by another configured KMS; the port, which should remain at the default; and the hostnames or IPs of the KeyControl servers in the cluster.
After the details have been entered, click the Continue button to get to the next page to upload the server certificate. This is the cacert.pem file that was provided by the KeyControl client certificate creation.
Once the certificate is successfully uploaded, click the continue button for the next page where we upload the client certificate and key files.
The final step is to click the Test and save button. If all went well you should be greeted with a final window that informs you there is no existing key in the vault and a new key will be created.
Once the key is created you will see the new KMS in the list with a certificate status unknown. After a few minutes this will update to show the certificates are valid.
Clicking on the KMS name will bring up the information on the KMS. This is also where you can choose to rotate the keys.
You can click on the Encrypted nodes tab and verify which nodes are encrypted and which keys are used.
If we look at the Objects in the KeyControl vault, we see the keys in the vault and can compare them to the StorageGRID keys in use.
NetApp has introduced BlueXP™ workload factory for AWS and its workload factory GenAI capability to help you seamlessly create managed retrieval-augmented generation (RAG)-based AI applications, such as chatbots. With RAG, you can personalize foundational models to derive knowledge from your company's structured and unstructured data sources, ensuring your context-aware AI applications are tailored precisely to your needs. This step-by-step guide will walk you through an end-to-end example by showing you how to add context retrieval from your embedded Amazon FSx for NetApp ONTAP (FSx for ONTAP) data sources to an AI chatbot developed in LangChain, powered by AWS and workload factory GenAI capabilities.
In today's fast-paced environment, businesses are seeking ways to optimize their cloud storage solutions while managing costs. Google Cloud NetApp Volumes now offers committed use discounts (CUDs) to help you cut costs on the resources that you need. CUDs offer significant savings in exchange for a commitment to use NetApp Volumes, and they empower customers with predictable budgeting, aiding in their fiscal planning.
How to sign up for CUDs
Signing up for CUDs is straightforward. Customers with a minimum commitment of $100,000 per year can request a CUD for their billing account. CUDs with a 1-year commitment qualify for a 15% discount. With a 3-year commitment, customers can receive a 20% discount. Discounts apply to all service levels—Flex, Standard, Premium, and Extreme—and can be distributed across multiple projects on the same billing account.
CUD utilization and billing
Committed use discounts are applied to data stored in NetApp Volumes across all tiers and for certain data management features. It's important to note that CUDs currently do not apply to features such as cross-region replication, backups, or tiered data.
Customers can monitor their CUD utilization and spending with a CUD analysis report in the Google Cloud Console. Monthly billing is based on the committed amount, with any overage billed at non-CUD rates.
Find out more
Committed use discounts for Google Cloud NetApp Volumes offer a strategic advantage for businesses looking to optimize their cloud storage costs. With flexibility in commitments, predictable budgeting, and competitive discounts, CUDs are an attractive option for many customers.
For more detailed information and guidance on CUDs, refer to the Google Cloud NetApp Volumes Committed Use Guide and schedule a 1:1 session with one of our specialists to discuss your specific use case.
This enhancement integrates even more advanced intelligent data management features into your NetApp storage, from on-premises systems to cloud storage offerings.