Discover how NetApp’s AI Data Guardrails turn governance into a living system—enabling secure, compliant, and scalable AI platforms. From risk managem...
By Mohammad Hossein Hajkazemi, Bhushan Jain, and Arpan Chowdhry
Introduction
Google Cloud NetApp Volumes is a fully managed, cloud-native storage s...
NetApp Console delivers HIPAA (Health Insurance Portability and Accountability Act)-compliant data intelligence without storing ePHI
NetApp Console n...
NetApp Console delivers simplicity with Console agent
NetApp® Console agent is the secure and trusted software from NetApp that enables the workflows...
StorageGRID has achieved Federal Information Processing Standards (FIPS) certification with both hardware and software methods, and Entropy certification, making it the most security-certified object storage vendor in the market.
These certifications ensure the highest level of security for your data in highly regulated industries like government, finance, and healthcare.
Additionally, they are a testament to StorageGRID's robust security infrastructure, designed to comply with the most stringent security standards and provide exceptional protection against data breaches. This means you can confidently deliver highly secure and compliant solutions to your customers, knowing that your storage infrastructure meets the highest security benchmarks.
What are FIPS and Entropy Certifications?
FIPS Certification: Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and contractors. FIPS 140-3, in particular, is a U.S. government standard that specifies the security requirements for cryptographic modules used within security systems to protect sensitive information. Achieving FIPS certification means that cryptographic modules within StorageGRID have been rigorously tested and validated to meet these stringent security standards.
Entropy Certification: Entropy certification ensures that the random number generators used in cryptographic processes are truly random and secure. High-quality entropy is essential for generating cryptographic keys that are resistant to attacks. This certification (SP 800-90B) validates that random number generation processes in StorageGRID meet the highest standards of randomness and security.
FIPS and Entropy certifications are recognized internationally, making StorageGRID a trusted solution for organizations worldwide that require stringent security measures.
What Do These Certifications Mean for You?
Enhanced Data Protection: FIPS and Entropy certifications ensure that cryptographic modules and random number generation processes in StorageGRID provide robust security for sensitive data, protecting it from unauthorized access and breaches.
Regulatory Compliance: Highly regulated industries, such as government, finance, and healthcare, require compliance with FIPS and entropy standards to ensure the security of sensitive information. These certifications help you meet regulatory requirements and maintain compliance.
Why Choose StorageGRID?
At NetApp, security is not just a feature but a fundamental aspect of our products. Our multiple certifications are a reflection of our commitment to providing secure and reliable storage solutions. Here are a few reasons why the security and compliance features in StorageGRID stand out:
FIPS-Certified Cryptographic Modules: Ensures rigorous security standards for data encryption, providing customers with robust protection against data breaches.
Entropy-Certified Random Number Generation: Provides high-quality random numbers for secure cryptographic keys, ensuring customers' data remains confidential and secure.
Data Encryption: Protects data at rest and in transit using advanced encryption techniques, safeguarding customers' sensitive information from unauthorized access.
Access Controls: Implements robust access management to restrict unauthorized data access, giving customers peace of mind that only authorized users can access their data.
Audit Logging: Maintains detailed logs of all access and activities for compliance and forensic analysis, helping customers meet regulatory requirements and investigate security incidents.
Compliance with Industry Standards: Meets requirements for regulations like GDPR, HIPAA, and PCI-DSS, enabling customers to operate within legal frameworks and avoid fines.
Immutable Storage: Protects data from tampering and unauthorized alterations, ensuring customers' data integrity and reliability.
Data Integrity Checks: Continuously verifies data integrity to prevent corruption and loss, providing customers with confidence in the reliability of their stored data.
In fact, NetApp meets the higher standards and requirements of federal security needs more than any other on-premises vendor.
| Capability | NetApp StorageGRID | MinIO (AIStor / Ent.) | Scality (ARTESCA / RING) | Dell EMC ECS | Pure FlashBlade | Cloudian HyperStore |
| --- | --- | --- | --- | --- | --- | --- |
| FIPS 140-validated cryptography | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ |
| FIPS-approved mode / operation | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ✔️ |
| NIST SP 800-90B entropy validation | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ |
| Encryption at rest | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Encryption in transit (TLS) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Fine-grained IAM / S3 policy control | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Enterprise IAM integration (LDAP/AD/OIDC) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Comprehensive audit logging | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Forensics-grade audit detail | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
| Immutability / WORM (S3 Object Lock) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Legal hold support | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
| Governance vs compliance modes | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
| Customer-managed encryption keys | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| External KMS / HSM (KMIP, Vault, etc.) | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Multi-tenant isolation | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
| Designed for regulated retention workloads | ✔️ | ✔️ | ✔️ | ✔️ | ❌ | ✔️ |
Even among the features claimed by others, only StorageGRID has all these options in all versions and models of our product, as well as having a strong presence with publicly listed certification validations.
Continuous Commitment to Security
Your data's security is our top priority, and these certifications highlight our dedication to providing you with the most secure and reliable storage solutions available.
Achieving FIPS and Entropy certifications is a significant milestone for StorageGRID, but it is not the end of our journey. Our commitment to security excellence ensures that you are partnering with a provider that prioritizes the safety and compliance of your data, giving you a competitive edge in delivering secure solutions.
FIPS and Entropy certifications for StorageGRID reinforce our commitment to data security and regulatory compliance. With these achievements, StorageGRID stands out as the most certified object storage vendor in the market. We are dedicated to providing our customers with secure and reliable storage solutions that meet the highest standards of protection. As we move forward, we will continue to invest in our security measures, maintaining our position as a trusted leader in the storage solutions market.
If you need a highly scalable and secure object storage solution, StorageGRID leads the industry. To learn more about the secure data features in StorageGRID, see the references below or contact your NetApp sales representative.
Reference:
NetApp StorageGRID
FIPS 140-3 validated cryptographic module https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5097
FIPS 140-3 Security Policy (NIST) https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5097.pdf
NIST SP 800-90B Entropy Validation (E223) https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/223
IAM & fine-grained S3 policy control (AWS policy language) https://docs.netapp.com/us-en/storagegrid/s3/use-access-policies.html https://docs.netapp.com/us-en/storagegrid-enable/examples/bucket-policy-examples.html
Comprehensive audit logging (forensics-grade) https://docs.netapp.com/us-en/storagegrid/audit/ https://docs.netapp.com/us-en/storagegrid/audit/audit-log-file-format.html
Immutability / Compliance (S3 Object Lock, retention, legal hold) https://docs.netapp.com/us-en/storagegrid/tenant/using-s3-object-lock.html https://docs.netapp.com/us-en/storagegrid/ilm/managing-objects-with-s3-object-lock.html
External key management (KMIP-based KMS integration) https://docs.netapp.com/us-en/storagegrid/admin/kms-configuring.html
In today's fast-paced digital world, maintaining the continuity of your business operations during unforeseen disruptions is of paramount importance. Enter NetApp Disaster Recovery, a robust SaaS product that simplifies disaster recovery (DR) while reducing costs and complexity.
With traditional DR, the challenges can vary from having to manage VMware and on-premises storage independently, which can be daunting and resource intensive, to licensing requirements that lead to higher costs and inflexibility. In addition, many solutions depend on VMware vSphere APIs for data protection, which consume extra resources and fail to support on-premises native efficiency capabilities in the cloud.
Now let's talk about the fixes that come with NetApp Disaster Recovery
In this post, I will further explore the benefits of offloading your KV cache to shared storage. I will show the benefits of a shared storage tier and explain why, with certain configurations, there is virtually no downside to including a shared storage tier.
NetApp Console is your single, secure gateway to everything NetApp. No more juggling multiple logins or interfaces—Console brings it all together in one intuitive dashboard. From orchestrating ONTAP data protection to ensuring resilience with NetApp Data Services, it’s designed to make your life easier.
To connect NetApp Console with your infrastructure, you need a Console agent. This agent acts as the secure bridge that lets you orchestrate storage solutions seamlessly—whether in AWS, Azure, Google Cloud, or your on-premises environment. It also enables you to tap into powerful data protection services, so your workloads stay resilient no matter where they run.
In today’s fast-paced IT environments, the ability to deploy secure, compliant, and easily managed agents is critical. NetApp Console’s adoption of the Open Virtual Appliance (OVA) format marks a significant leap forward in simplifying these operations, especially for organisations seeking to streamline their hybrid and cloud workflows.
Why OVA Matters
The OVA format is more than just a packaging standard—it’s a strategic enabler for IT teams. By delivering the NetApp Console agent as an OVA, NetApp removes many of the traditional pain points associated with agent deployment:
Pre-configured Compatibility: The OVA is packaged with a qualified operating system and container runtime, eliminating manual setup and the work of matching OS and container runtime versions so that they work together.
Rapid Deployment: IT teams can download the OVA directly from Console and deploy it in their vCenter environments, bypassing lengthy configuration cycles.
Built-in Verification: During deployment, the OVA verifies access to required network endpoints, providing immediate feedback and helping teams resolve network access issues before they impact operations.
Best Practices for OVA Deployment
To maximise the benefits of OVA deployment, consider these practical steps:
Leverage the Verification Workflow: Use the OVA’s built-in verification to ensure all necessary network endpoints are accessible. If issues arise, collaborate with your network team to update policies, then redeploy the OVA.
Utilise the Maintenance Interface: The agent OVA includes a maintenance interface for updating system and network configurations, running diagnostics, and managing daily operations. Make this part of your routine to keep agents healthy and compliant.
Plan for Regular Updates: NetApp provides periodic updates to the OVA, including OS and container platform enhancements. Stay informed about the release schedule and plan upgrades to maintain security and compliance without the hassle of tracking individual software versions.
Deploying NetApp Console Agents with OVA
Deploying the NetApp Console agent as an Open Virtual Appliance (OVA) is designed to streamline and secure your enterprise operations. Here’s a technical walkthrough to help IT teams achieve a smooth deployment and ongoing management.
Step-by-Step OVA Deployment
1. Download the OVA Package: Access the NetApp Console and navigate to Administration > Agents > Deploy agent > On-premises. On that screen, select the “With OVA” option. From here, you can either download the OVA directly using the “Download the OVA” option or use the “Copy the OVA URL” option to copy the OVA URL and paste it in your browser to start the download. Note: The OVA URL provided under the “Copy the OVA URL” option is intended solely for downloading the OVA package and must not be used during the OVA deployment process in vCenter.
2. Prepare Your vCenter Environment: Verify that your vCenter infrastructure meets the minimum requirements for the OVA. This includes sufficient CPU, memory, storage, and network connectivity. For more details, refer to: https://docs.netapp.com/us-en/console-setup-admin/task-install-agent-on-prem-ova.html#review-console-agent-host-requirements https://docs.netapp.com/us-en/console-setup-admin/task-install-agent-on-prem-ova.html#network-access-agent
3. Choose a method to deploy the OVA in vCenter: You can either first upload the agent OVA file to Content libraries in vCenter and deploy it from there, or choose to upload it from the local system at the time of deployment:
From the Content library:
In the vSphere client, navigate to Content Libraries. In Content Libraries, you can choose to create a new content library for Agent or import an Agent OVA to an existing Content library.
To import the Agent OVA, click on ACTIONS > Import item
On the Import Library Item page, select the Local file option and upload the OVA package downloaded in step 1.
Once the OVA is uploaded, select the OVA and under ACTIONS, click on “New VM from This Template”
Follow the instructions in step 4 to deploy the Agent
From the Local system
In the vSphere client, navigate to Inventory. Right-click on Cluster/Host where you want to deploy the Agent and click on “Deploy OVF Template”
On the “Select an OVF Template” page, click on “Local file” and upload the Agent OVA file from your local system
Follow the instructions in step 4 to deploy the Agent
4. Deploy the OVA in vCenter
If you have chosen to deploy the OVA from the local system, then for step 1 of the deployment wizard, select the location of the OVA file on your local system and click on “UPLOAD FILES” as shown in the previous section. If you have chosen to deploy the OVA template from the Content Libraries, you provide details starting directly from step 2. Enter the Virtual machine name and select a folder where you want to create the agent VM:
On the “Select a compute resource” page, select the host where you want to create the agent VM
On the “Review details” page, review the details of the OVA template. You will get a certificate warning “The certificate is not trusted” on the page. You can either choose to ignore the warning or import the .pem certificate under Home > Administration > Certificates > Certificate Management > Trusted Root in vSphere. Click Next:
On the “License agreements” page, read and accept the terms for the license agreement and check the box at the bottom of the page. Click Next:
On the “Configuration” page, select the Proxy type if you have proxy in your network setup, else select “No Proxy”. Click Next:
On the “Select storage” page, select the storage where you want to create the machine. Click Next:
On the “Select networks” page, select the network where you want to create the machine. Click Next:
On the “Customize template” page, enter the VM maintenance password (password for the “maint” user) - and other network details. Click Next:
On the “Ready to complete” page, verify all the details you have selected/entered before and click on Finish to start the OVA deployment.
Power on the agent VM after the OVA is successfully deployed.
5. Once the agent is successfully deployed, register the agent with NetApp Console following the steps given in the below doc: https://docs.netapp.com/us-en/console-setup-admin/task-install-agent-on-prem-ova.html#register-the-console-agent-with-netapp-console
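A pre-upload integrity check for the OVA downloaded in step 1, as an added example that is not NetApp's code. It assumes the OVA carries a standard OVF manifest (`.mf`) with `SHA256(name)= digest` lines; the file names in the sample are constructed. It compares digests only, so it catches a corrupted or altered download but does not replace the signature check behind the vSphere certificate warning.

```python
import hashlib
import io
import re
import tarfile

# Manifest entry as written by OVF tooling, e.g. "SHA256(agent.ovf)= 9f86d0..."
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)[ \t\r]*$", re.M)


def verify_ova(ova):
    """Map each OVA member to "ok", "mismatch", "missing" or "unlisted"."""
    # `ova` is a path string or a seekable binary file object.
    opener = {"name": ova} if isinstance(ova, str) else {"fileobj": ova}
    with tarfile.open(mode="r", **opener) as tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        manifests = [n for n in members if n.lower().endswith(".mf")]
        if len(manifests) != 1:
            raise ValueError("expected exactly one .mf manifest in the OVA")
        text = tar.extractfile(members[manifests[0]]).read().decode("utf-8")
        expected = {name: (algo.lower(), digest.lower())
                    for algo, name, digest in MF_LINE.findall(text)}
        if not expected:
            raise ValueError("manifest contains no digest entries")
        results = {}
        for name, (algo, digest) in expected.items():
            if name not in members:
                results[name] = "missing"  # listed in the manifest, absent from the tar
                continue
            hasher = hashlib.new(algo)
            with tar.extractfile(members[name]) as stream:
                for chunk in iter(lambda: stream.read(1 << 20), b""):  # 1 MiB at a time
                    hasher.update(chunk)
            results[name] = "ok" if hasher.hexdigest() == digest else "mismatch"
        # Files the manifest does not cover (.mf and .cert never list themselves).
        for name in members:
            if name not in expected and not name.lower().endswith((".mf", ".cert")):
                results[name] = "unlisted"
    return results


def build_sample_ova(tamper=False):
    """Constructed sample: a tiny in-memory OVA with made-up file names."""
    files = {"agent.ovf": b"<Envelope/>", "agent-disk1.vmdk": b"\x00" * 4096}
    manifest = "".join(f"SHA256({name})= {hashlib.sha256(data).hexdigest()}\n"
                       for name, data in files.items())
    if tamper:  # alter the disk after the manifest was written
        files["agent-disk1.vmdk"] = b"\x01" + files["agent-disk1.vmdk"][1:]
    files["agent.mf"] = manifest.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())
```

Any result other than "ok" is a reason to download the package again before deploying it in vCenter.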
Conclusion
With OVA-based deployment, setting up the agent is faster, simpler, and more secure, eliminating the usual configuration headaches and getting you up and running in minutes. By following these technical steps and best practices, IT teams can deploy and manage NetApp Console agents efficiently, with reduced friction and improved security. The OVA approach not only simplifies initial setup but also streamlines ongoing operations, allowing teams to focus on strategic initiatives.
The shift to OVA is just the beginning. As NetApp continues to evolve Console, expect further simplification of agent operations, more robust cloud deployment wizards, and enhanced guidance for hybrid environments. The goal: empower IT teams to focus on strategic initiatives rather than wrestling with deployment complexity. For more details, refer to: https://docs.netapp.com/us-en/console-setup-admin/task-install-agent-on-prem-ova.html#prepare-to-install-the-console-agent