Why ASA
The new NetApp® All-flash SAN Array (ASA) scale-out storage systems are simple, powerful, optimized for SAN deployments and support advanced data management and protection features. The ASA systems support IP-based and FC-based SAN protocols with symmetric active-active multipathing for mission-critical enterprise applications such as Microsoft SQL, Oracle databases and VMware virtual infrastructure.
The table below highlights some of the technical specifications of the new NetApp ASA A-Series systems for comparison. Please refer to the NetApp ASA datasheet and NetApp Hardware Universe for specification details of the ASA systems and their supported limits.
| Select Specifications | ASA A1K | ASA A90 | ASA A70 | ASA A50 | ASA A30 | ASA A20 |
| --- | --- | --- | --- | --- | --- | --- |
| Form factor | 2 x 2U | 4U | 4U | 2U | 2U | 2U |
| Max cluster size | 12 Nodes | 12 Nodes | 12 Nodes | 12 Nodes | 8 Nodes | 6 Nodes |
| Max raw capacity per HA pair | 2.67 PB | 2.67 PB | 2.67 PB | 1.8 PB | 1.1 PB | 734 TB |
| Max raw capacity per cluster | 16 PB | 16 PB | 16 PB | 11 PB | 4.4 PB | 2.2 PB |
| PCIe expansion slots per HA pair | 18 | 18 | 18 | 8 | 8 | 8 |
| Max FC speed | 64 Gbps | 64 Gbps | 64 Gbps | 64 Gbps | 64 Gbps | 64 Gbps |
| Max Ethernet speed | 200 Gbps | 200 Gbps | 200 Gbps | 100 Gbps | 100 Gbps | 100 Gbps |
With immutable ONTAP Snapshots, your mission-critical SAN data can be recovered to any point in time. To further protect against any potential infrastructure disasters, your data can be safeguarded with multi-site NetApp ASA clusters. You can achieve synchronous data replication by configuring the ONTAP SnapMirror active sync feature to replicate SAN data included in application-specific consistency groups. This ensures zero Recovery Point Objective (RPO) and Recovery Time Objective (RTO), thereby maintaining seamless business continuity.
Why FlexPod SAN solutions
FlexPod® is a best practice converged infrastructure data center architecture that includes the following components from Cisco® and NetApp:
Cisco Unified Computing System (Cisco UCS®)
Cisco Nexus and MDS families of switches
NetApp Fabric-Attached Storage (FAS), All-Flash FAS (AFF), and All-flash SAN Array (ASA).
Each of the FlexPod component families shown (Cisco UCS, Cisco Nexus/MDS switches, and NetApp storage) provides platform and resource options to scale the infrastructure up or down as per application requirement, while supporting the features and functionalities that are required under the configuration and connectivity best practices of FlexPod.
All FlexPod components have been integrated so you can deploy the solution quickly and economically while eliminating many of the risks associated with researching, designing, building, and deploying similar solutions from the foundation. FlexPod solution design is flexible enough that the networking, computing, and storage can fit in one data center rack or be deployed according to a customer's data center design.
The reference architectures available as Cisco Validated Designs (CVDs) and NetApp Verified Architectures (NVAs) provide details of the highly available solution design and implementation which makes it simple to deploy FlexPod solutions. With Cisco UCS, the template-based and profile-based server management makes it easy to enforce configuration consistency for your servers and simplify server life-cycle management such as server replacement while maintaining server identities.
FlexPod SAN solution deployment with NetApp ASA
FlexPod SAN solutions can be built by using any supported hardware components and software versions that are listed in the NetApp Interoperability Matrix Tool, Cisco UCS Hardware and Software Compatibility List, and Broadcom Compatibility Guide.
The FlexPod solution team recently published a NetApp ASA based FlexPod SAN solution NVA: FlexPod SAN Solution with Cisco UCS X-Series Direct and NetApp ASA. For this FlexPod SAN NVA solution, we focused on the deployment of Cisco Intersight managed UCS X-Series Direct, NetApp ASA A50 storage system, VMware virtual infrastructure, NetApp ONTAP tools for VMware vSphere, Microsoft SQL server, and Oracle RAC database using iSCSI protocol in a direct-attached storage configuration.
Example solution topology and hardware / software components
Some customer use cases and applications might require starting with a medium solution scale, where the compute and storage resources and performance start small but require a certain amount of solution scaling as the business grows. There might also be mandates for the solution to be deployed cost-effectively for multiple offices or for multiple applications.
The FlexPod SAN solution with Cisco UCS X-Series Direct and the mid-range NetApp ASA A50 is a great combination for this target solution scale. The X-Series Direct integrates the UCS Fabric Interconnects (FIs), UCSX-S9108-100G (S9108), in the X9508 chassis, thus reducing the UCS rack space requirements and costs for building a medium-scale FlexPod SAN solution.
By configuring some of the FI ports as appliance ports, you can directly attach the NetApp ASA storage systems to the FIs without requiring additional Ethernet switches in between UCS compute and NetApp storage as shown in the figure below.
The table below shows a list of the hardware components and software revisions that can be used to deploy VMware virtual infrastructure, Microsoft SQL server, and Oracle databases using the scalable FlexPod SAN infrastructure above.
| Component | Product | Version |
| --- | --- | --- |
| Compute | Cisco UCS Fabric Interconnects UCSX-S9108-100G (Intersight managed mode) | 4.3(5.240191) |
| | Cisco UCSX-215c-M8 | 5.3(0.250001) |
| | CPU | AMD EPYC 9534 64-Core CPU 2.45GHz |
| | Cisco VIC 15230 UCSX-ML-V5D200GV2 | 5.3(4.84) |
| Network | Cisco Nexus 93600CD-GX NX-OS | 10.4(4)M |
| Storage | NetApp ASA A50 ONTAP | 9.16.1P3 |
| Software | Cisco Intersight | SaaS |
| | VMware vSphere | vSphere 8 update 3 |
| | Cisco VIC nenic driver | 2.0.15.0 |
| | VMware vCenter | vCenter 8 update 3 |
| | NetApp ONTAP tools for VMware vSphere | 10.4 |
| | Oracle Database 21c Grid Infrastructure | 21.3 |
| | Oracle Database 21c Enterprise Edition | 21.3 |
| | SLOB | 2.5.4.0 |
| | Microsoft Windows Server 2022 Datacenter | 10.0.20348 |
| | Microsoft SQL Server | 2022 |
| | Microsoft SQL Server Management Studio | 20.2.1 |
| | HammerDB | 4.12 |
Solution availability and life-cycle management
FlexPod SAN solution infrastructure is designed to provide a highly resilient SAN environment for your mission-critical applications. The infrastructure resiliency is the result of ensuring no single-point-of-failure scenarios by deploying the solution infrastructure with redundant components and redundant connectivity between components.
Thanks to this redundant infrastructure design, the solution infrastructure provides multiple available paths for the servers in the SAN ecosystem to connect to the underlying storage whether the storage solution is using SCSI LUNs with iSCSI protocol or using NVMe namespaces with NVMe/TCP protocol.
For IP-based SAN multipathing, two independent SAN fabrics are available in the solution: one using FI A and the other using FI B. The Virtual Interface Card (VIC) 15230 in the X215c M8 compute node in the UCS X-Series Direct solution provides the server’s internal connectivity to both FI A and FI B using virtual NIC (vNIC) paths pinned to the respective fabrics.
The ASA A50 dual controller storage system has two controllers: controller A and controller B. Each controller is connected to both FI A and FI B for IP-based SAN connectivity as shown in the figure. With symmetric active-active multipathing support in ASA, an iSCSI LUN can be accessed from both controllers. When one iSCSI LIF per fabric is created on each storage controller, there should be four total active/optimized paths to each iSCSI LUN for this configuration.
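The four-path expectation above can be checked on each ESXi host. The following is an added example, not taken from the NVA or the original post: it parses output in the layout of `esxcli storage nmp path list` and reports every LUN that does not have exactly four active/optimized paths. The device IDs, IQNs and sample output are constructed, and it assumes the host reports optimized paths as `Group State: active` with ALUA `TPG_state=AO`.

```python
import re
from collections import defaultdict

# 2 controllers x 2 fabrics, one iSCSI LIF per fabric on each controller
EXPECTED_OPTIMIZED_PATHS = 4


def _record(device, runtime, group_state, tpg_state):
    """Build one constructed path record in the `esxcli storage nmp path list` layout."""
    return (
        f"iqn.constructed-initiator,iqn.constructed-target,t,1-{device}\n"
        f"   Runtime Name: {runtime}\n"
        f"   Device: {device}\n"
        f"   Group State: {group_state}\n"
        f"   Storage Array Type Path Config: {{TPG_id=1000,TPG_state={tpg_state},RTP_id=1,RTP_health=UP}}\n"
        "\n"
    )


# Constructed sample: LUN ...0001 is healthy, LUN ...0002 has one dead path.
SAMPLE = "".join(
    [_record("naa.600a0980constructed0001", f"vmhba64:C0:T{t}:L0", "active", "AO") for t in range(4)]
    + [_record("naa.600a0980constructed0002", f"vmhba64:C0:T{t}:L1", "active", "AO") for t in range(3)]
    + [_record("naa.600a0980constructed0002", "vmhba64:C0:T3:L1", "dead", "AO")]
)


def parse_paths(text):
    """Split the listing into one dict per path; a record starts at an unindented line."""
    paths, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = {"uid": line.strip()}
            paths.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(": ")
            current[key] = value
    return paths


def audit(text, expected=EXPECTED_OPTIMIZED_PATHS):
    """Return {device: {...}} for every LUN whose optimized path count differs from expected."""
    per_device = defaultdict(list)
    for path in parse_paths(text):
        tpg = re.search(r"TPG_state=(\w+)", path.get("Storage Array Type Path Config", ""))
        optimized = path.get("Group State") == "active" and tpg is not None and tpg.group(1) == "AO"
        per_device[path.get("Device", "?")].append((path.get("Runtime Name", "?"), optimized))
    findings = {}
    for device, entries in per_device.items():
        good = [name for name, ok in entries if ok]
        degraded = [name for name, ok in entries if not ok]
        if len(good) != expected:
            findings[device] = {"optimized": len(good), "degraded": degraded}
    return findings


if __name__ == "__main__":
    for device, detail in audit(SAMPLE).items():
        print(device, detail)
```

An empty result means every LUN in the listing has the expected four optimized paths; running the check before and after a failover test or firmware upgrade shows whether redundancy was restored.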
The FlexPod SAN solution with Cisco UCS X-Series Direct and NetApp ASA NVA also includes sections with VMware infrastructure, Microsoft SQL and Oracle RAC database application deployment information, as well as sections that highlight the tests performed to ensure infrastructure resiliency and solution availability when there is a component failure. Furthermore, it covers life-cycle management tasks such as component software / firmware upgrades, which are important to keep your solution updated to adopt new features or to address bugs and security concerns.
How to get started
By following FlexPod NVAs and CVDs, FlexPod SAN solution deployment is greatly simplified. It also eliminates many of the risks associated with the solution design and deployment. You can get started easily by evaluating your SAN solution requirements, identifying the amount of compute resources and storage performance and capacity you need, and then engaging a NetApp partner to help you pick out the optimal FlexPod SAN solution components for your current needs and future growth. Afterwards, you can easily deploy your solution by following the FlexPod SAN solution with Cisco UCS X-Series Direct and NetApp ASA NVA, or reference additional FlexPod SAN solution design and deployment guides available from the FlexPod Design Guides and FlexPod Solutions web sites.
References
FlexPod SAN solution with Cisco UCS X-Series Direct and NetApp ASA: https://www.netapp.com/pdf.html?item=/media/135828-flexpod-san-ucs-xdirect-asa-nva-deploy-guide.pdf
FlexPod Design Guides: https://www.cisco.com/c/en/us/solutions/design-zone/data-center-design-guides/flexpod-design-guides.html
FlexPod Solutions: https://docs.netapp.com/us-en/flexpod/index.html
NetApp ASA datasheet: https://www.netapp.com/media/85736-ds-4254-asa.pdf
NetApp Hardware Universe: https://hwu.netapp.com
NetApp Interoperability Matrix Tool: http://support.netapp.com/matrix/
Cisco UCS Hardware and Software Compatibility List: https://ucshcltool.cloudapps.cisco.com/public/
Broadcom Compatibility Guide: https://compatibilityguide.broadcom.com/
NetApp’s Workload Factory GenAI enables streamlined deployment and management of knowledge bases using FSx for ONTAP data, integrating with Amazon Q Developer via the Model Context Protocol (MCP) server to enhance developer productivity through generative AI, with detailed steps for infrastructure setup, knowledge base creation, data source addition, MCP server configuration, and usage within Amazon Q CLI and VS Code extension.
Many customers face challenges related to database discovery, resiliency, data archival, long-term retention, and infrastructure operations. Your databases could reside anywhere: across hybrid cloud, on-premises, or with hyperscalers, hosted on Cloud Volumes ONTAP (CVO), on the first-party AWS FSx for ONTAP service, or in a service provider-hosted environment. SQL Server could be installed standalone or set up with an availability group. Protecting data across these varied setups can get very complex.
In the event of natural calamities, or the growing threat of ransomware, tapes remain the preferred method for backing up and restoring databases. Until a few years ago, restoration from tape was requested merely as a restoration drill to test whether tape restore works. With an increasing number of ransomware attacks, organizations found that restoring from tape takes over a month, and only 20-40% of the data is typically recovered. RTO and RPO are still a concern for many businesses.
Another hurdle is the lean operating model for backup administration, where human error can lead to an incorrect restoration of data, which increases the restore time. The operational challenges are mainly about managing the product lifecycle of the backup software. On top of managing the infrastructure of business-critical applications, managing and coordinating upgrades gets complex, and the operations team must go through multiple levels of approval and qualification.
All these challenges can be overcome with the new, advanced NetApp Backup and recovery feature, which is now available for public preview. It is a single control pane to protect Microsoft SQL Server databases. The current release supports SQL Server databases mounted on storage with FC/iSCSI-connected LUNs on NetApp storage. Databases running on a VMware virtual disk over a VMFS or NFS datastore are also supported.
Onboarding SQL Server host
The first step is the onboarding process. Under NetApp BlueXP, go to Protection -> Backup and recovery service. Click Microsoft SQL Server -> Discover and Manage. Fill in the host and credential details to add the SQL Server host and click Discover. The NetApp Backup and recovery service will automatically discover all the instances and database resources running on that SQL Server host.
Protecting SQL Server databases:
Protection of a SQL Server database is based on a policy created in NetApp Backup and recovery. The user must define the frequency and schedule, and configure the destinations to store backups. A single policy can be used to back up multiple databases. Keeping the number of policies to a minimum helps reduce backup management effort.
Protecting a database starts with creating a policy. Below is the flow for creating a policy.
Enable protection at the instance level or the database level. Select an instance, and select the type of backup architecture.
Select the frequency & retention of backup in policy
Configure destination volume path, frequency and retention period on the secondary storage
Configure object storage destination, frequency and retention period
Users can check additional options in the protection policy such as receiving any notification or enabling ransomware scan on object store.
Create policy and attach it to the database or instance resource. Backup job will run as per the schedule
Database cloning:
When you need a copy of the database for application testing or reporting, go to clone and select the database to create a new clone. A database clone can be created with a few clicks. The complete orchestration, which creates the clone on ONTAP, mounts the filesystem on the SQL Server host, and attaches the database to the SQL Server host, is done from the NetApp Backup and recovery service.
The figures below show the workflow for creating a clone. The user needs to provide the details of the source database and the target destination, then select the snapshot and the recovery scope: whether the database must be restored from the full backup only or transaction logs must be restored as well.
Database restore:
Under the Databases inventory, a database restore can be performed by clicking the ellipsis for the specific database and selecting the Restore option.
You can restore a database from just a full backup or perform a point-in-time recovery. Select the snapshot and select the source location of the snapshot. If the snapshot has been deleted from local or secondary storage as per the retention period, restore from object storage. Provide the destination path to restore to.
The figure below shows the restore option from object storage.
NetApp Backup and recovery service will restore the database securely on same SQL server host or on alternate SQL Server host.
Migrating SnapCenter plug-in for MS SQL Server to NetApp backup and recovery service:
If you are an existing NetApp SnapCenter user, then you should take advantage of the NetApp Backup and recovery. The service has import SnapCenter functionality to migrate most of the SnapCenter protected SQL Server resources to NetApp backup and recovery. All the historical snapshots and configuration metadata will be migrated to NetApp Backup and recovery. Users don’t have to reconfigure policies. There is a validation process that checks the feasibility of migration before switching over to NetApp Backup and recovery.
Conclusion:
Finally, reports are a simplified way to look at the overall protection status such as how many databases are protected, how many were successfully backed up and failed. Similar reports are available for restore and clone jobs.
With all these benefits, you can further modernize your infrastructure. Get into the BlueXP management UI and don’t worry about the setup process, as it’s a managed infrastructure. You don’t have to worry about installing a separate server to host SnapCenter or any backup infrastructure. Log in to NetApp BlueXP, evaluate NetApp Backup and recovery for MSSQL Server in public preview across your test environment, and share your feedback.
To understand more about NetApp Backup and recovery, refer to the documentation here.
KV (key-value) caching is a technique that is used to optimize LLM inference by storing previously calculated values in a KV cache so that these values don't need to be calculated again for every new token that is generated, which would otherwise be necessary. As model context windows grow ever larger, and inference platforms are utilized by more and more users, the size of the KV cache can quickly outpace the amount of available GPU memory.
We are excited to announce the launch of native support for Identity Federation in NetApp BlueXP! This powerful new capability empowers administrators with a centralized, self-service experience to configure, test, and manage identity federations directly within the BlueXP console. By integrating Identity Providers (IdPs) with BlueXP, enterprises, service providers, and partners can now enable their users to sign in to BlueXP using their corporate credentials, ensuring secure and streamlined access.
What Is Identity Federation?
Identity Federation delegates user authentication to a trusted external party. To support this, we enable a federation admin to establish a trust relationship between BlueXP and their organization’s Identity Provider (IdP). This allows their IdP to authenticate users, while BlueXP controls authorization, determining what resources users can access.
Here’s how it works:
An enterprise user tries to access BlueXP by entering their email address.
BlueXP redirects the user request to their enterprise IdP.
The IdP authenticates the user and sends BlueXP a secure assertion or a claim containing the user’s identity and attributes.
BlueXP uses this information to establish a session and determine the user’s access scope.
This model enables enterprises to maintain identity management through their own IdPs, while ensuring consistent and secure access control across BlueXP Data Services.
How It Was Done Before
Previously, federation setup and management were handled through a separate application, Cloud Central. This approach introduced several challenges:
Disjointed admin experience, requiring users to switch between Cloud Central and BlueXP.
Lack of visibility into federation health and workflows.
Unable to federate domains other than the one used to log in to Cloud Central.
Unable to switch federations from one provider to another.
Admins couldn’t manage user access, as Cloud Central lacks role-based access controls.
Why this Launch Matters
With native federation support now built into BlueXP, admins have the following benefits.
Streamlined wizard experience: The new interface enables a BlueXP federation admin to go through a step-by-step process when configuring federation, allowing them to save progress at any point and seamlessly resume the setup later, ensuring flexibility and ease of use. Admins can now configure, test, manage, and troubleshoot federations entirely within the BlueXP console.
Visibility: Admins can view the federation workflows and health status.
Domain verification: With domain ownership verification built in, admins can prove they own the domain before configuring federation for that domain.
Support for multiple domains: Admins can now configure multiple domains for a federation in a self-service fashion.
Switch federations between providers: BlueXP admins can now transition federation configurations between identity providers safely and seamlessly using a self-service workflow.
This launch significantly reduces service disruptions, minimizes support tickets, and enhances security and user experience, unlocking the full potential of identity federation for BlueXP customers.
Federation Setup
To set up federation, log in to BlueXP with a Federation admin or an Org admin role. Open the Federation page under IAM. The dashboard of the Federation service shows metrics for the active federations and verified domains. This feature supports two main workflows:
Verify domain ownership
Configure new Federation
Verify Domain Ownership
If your login domain matches the domain you are federating, you don’t need to verify domain ownership. For example, if you are logged in as "user@example.com" but you plan to federate the domain “contoso.com”, BlueXP expects you to prove that you own the domain by adding the code BlueXP provides to your domain’s DNS TXT record. This is typically achieved by sharing the code with your DNS server admin or with the network admins at your work. Your admin will add the code as a TXT record for the domain you plan to configure. Once this is complete, open the BlueXP Domain tab of the Federations page, click the action “verify domain”, and then issue Verify.
Configure new Federation
Once you verify your domain ownership, BlueXP allows you to federate that domain. We have provided a wizard experience to configure federation in six simple steps, as shown below:
Select the Domain
Select a protocol or provider of your IdP
Read Instructions to configure your IdP
Create a federation connection
Test the federation
Enable the Federation
Step 1: Select one or more verified domains you would like to federate. If your login domain is the same as the domain you are federating, select the option “your email domain”.
Step 2: Select a protocol or the provider of your IdP. We support the following:
Protocols - SAML, OIDC and AD FS.
Providers - Entra ID and PingFederate.
Step 3: Read the instructions to configure your IdP.
Step 4: Create the connection. For PingFederate, you need the following information: the IdP server URLs (sign-in and sign-out) and the X509 signing certificate of the IdP.
Step 5: Test the connection with your enterprise credentials. Upon clicking test connection, a new page opens, where the admin needs to enter their enterprise credentials. After a successful test, click refresh page.
Step 6: Enable the connection. Upon a successful test, you are allowed to enable the federation. If you miss this step, federation will not work for your domain. After clicking Enable federation, you will see that the federation is now enabled.
To prevent accidental deletions, we don’t allow deletion of active federations. The admin has to set the federation to the disabled state first and then delete the federation as a next step.
Switch Federations
Enterprise identity admins have a business need to experiment with new identity providers or protocols, with the goal of safely transitioning between federations. The process is straightforward and secure. Here are the steps:
First, configure and test a new federation for the same domain. Don’t enable it immediately.
Disable the currently active federation.
Finally, enable the newly tested federation.
This approach ensures a smooth transition with minimal disruption, allowing admins to validate new configurations before making them active.
What’s next
Receive proactive notifications when federation attributes (client-ID/client-secrets and certificates) are nearing expiration
Deletion protection with confirmation prompts
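For the domain ownership step described in the post, an admin can confirm that the TXT record is actually published before clicking Verify. The following is an added example, not BlueXP code and not from the original post: it parses `dig +short TXT` output and checks for the code as an exact TXT value. The code string, the sample DNS answers and the exact-match rule are assumptions, since the post does not state the record format.

```python
import re

# One quoted DNS character-string; a backslash escapes the next character.
_CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Presentation-format escapes: \DDD (decimal byte) or \X (literal character).
_ESCAPE = re.compile(r"\\(\d{3}|.)")

# Placeholder for the code shown in the console (constructed value).
CODE = "VERIFICATION-CODE-PLACEHOLDER-0123456789"

# Constructed `dig +short TXT contoso.com` output. The second record arrives as
# two character-strings, which is how values longer than 255 bytes are presented.
SAMPLE_PUBLISHED = (
    '"v=spf1 include:_spf.contoso.com -all"\n'
    '"VERIFICATION-CODE-PLACE" "HOLDER-0123456789"\n'
)

# Constructed answer holding a similar-looking but different value.
SAMPLE_NEAR_MISS = '"xVERIFICATION-CODE-PLACEHOLDER-0123456789-old"\n'


def _unescape(chunk):
    """Undo presentation-format escaping inside one character-string."""
    def repl(match):
        token = match.group(1)
        if len(token) == 3 and token.isdigit():
            return chr(int(token))
        return token
    return _ESCAPE.sub(repl, chunk)


def txt_values(dig_short_output):
    """Return one logical value per TXT record, joining its character-strings."""
    values = []
    for line in dig_short_output.splitlines():
        chunks = _CHUNK.findall(line)
        if chunks:
            values.append("".join(_unescape(c) for c in chunks))
    return values


def domain_verified(dig_short_output, code):
    """True only if some TXT record equals the code exactly (no substring match)."""
    return any(value.strip() == code for value in txt_values(dig_short_output))


if __name__ == "__main__":
    print("published:", domain_verified(SAMPLE_PUBLISHED, CODE))
    print("near miss:", domain_verified(SAMPLE_NEAR_MISS, CODE))
```

Querying the domain's authoritative name servers as well as a public resolver shows whether the record has propagated, and the exact comparison avoids treating a stale or look-alike record as proof of ownership.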