NetApp is thrilled to announce our collaboration with Amazon Web Services (AWS) as a launch partner for Amazon Elastic Kubernetes Service Hybrid Nodes (EKS-H)
AWS and NetApp now offer NetApp® on-premises enterprise storage arrays for AWS Outposts, an integrated solution to simplify the deployment of block storage for AWS Outposts through the AWS Management Console. This simplification means that customers can seamlessly attach block data volumes backed by NetApp on-premises enterprise storage arrays to Amazon Elastic Compute Cloud (EC2) instances on AWS Outposts directly from the AWS Management Console. This integration allows customers to use NetApp’s intelligent data infrastructure with Outposts to create a resilient, compliant, and optimized infrastructure.
What is AWS Outposts?
AWS Outposts is a fully managed service that brings cloud capabilities to on-premises and edge locations. It offers the same AWS infrastructure, AWS services, APIs, and tools to run your applications on your premises as in the AWS Regions. AWS compute, storage, database, and other services run locally on AWS Outposts, and you can scale your on-premises applications by using familiar AWS services and tools. AWS Outposts is connected to a nearby AWS Region and operates with the same control plane as other AWS services in the Region, providing a consistent operational experience across AWS Regions and on-premises locations. Your AWS Outposts infrastructure and AWS services are managed, monitored, and updated by AWS, just as in AWS Regions.
Deep integration: NetApp and AWS Outposts
Simplified user experience. Customers can attach block data volumes backed by NetApp on-premises enterprise storage arrays to Amazon EC2 instances on Outposts by using the EC2 launch instance wizard. This approach simplifies the user experience and automates volume attachments for various workloads.
Enhanced data protection. NetApp can provide advanced data protection and compliance across AWS Outposts and AWS Regions with industry-leading file, block, and object services.
Seamless hybrid cloud. Customers who extend the power of AWS Cloud in their data centers can use NetApp ONTAP® data management software connected to Outposts and Amazon FSx for NetApp ONTAP in the AWS Regions.
"This collaboration between AWS and NetApp represents a significant leap forward in hybrid cloud solutions. By integrating NetApp's enterprise storage capabilities with AWS Outposts through our native management console, we're empowering customers to deploy and manage their on-premises workloads with the same ease and flexibility they've come to expect from AWS. This integrated solution not only simplifies operations but also enables advanced data protection and compliance capabilities, providing a seamless hybrid cloud experience. It's a game-changer for organizations looking to leverage the power of the cloud while maintaining critical workloads on-premises."
—Jan Hofmeyr, Vice President of EC2 Networking and Edge, AWS
Use cases and key advantages
NetApp and AWS Outposts support a broad range of workloads for block storage:
VMware vSphere to Amazon EC2 instance migration. Migrate from VMware to Amazon EC2 instances where NetApp storage is the primary storage for all data.
Databases. Customers can run mission-critical databases on AWS Outposts and leverage NetApp tools for backup, replication, and disaster recovery.
Enterprise and financial services apps. Customers can run their latency-sensitive applications or applications subject to regulatory compliance on Outposts and benefit from the AWS security and compliance features.
Seamless hybrid cloud experience
The ability to integrate volume attachments with EC2 instance launch directly from the AWS Management Console simplifies the user experience and reduces complexity. Eliminating manual processes and promoting automation makes it easier for customers to leverage the advanced storage capabilities offered by NetApp wherever they need them, both in the AWS Regions with Amazon FSx for NetApp ONTAP and on premises with AWS Outposts.
Learn more at https://www.netapp.com/aws/outposts/
Data is the cornerstone of modern AI applications, especially for generative AI (GenAI), where retrieval-augmented generation (RAG) enhances the relevance and utility of generated content. But what if you have sensitive data you DON’T want shared by your GenAI solution?
Data centers house critical business applications and sensitive information, making them prime cyberattack targets. Effective security measures ensure business continuity and protect against data breaches, which can have severe financial and reputational consequences. NetApp and Cisco products are hardened with security best practices at all stages of product implementation (design, hardware implementation, and software development) so that no layer of the stack is compromised. These products are also backed by rigorous certifications that verify these claims. This alliance offers FlexPod as a secure infrastructure solution for security-conscious businesses.
FlexPod
Offered jointly by NetApp and Cisco, FlexPod Datacenter is a robust, secure, full-stack architecture. FlexPod consists of Cisco UCS servers, Cisco Nexus switches, Cisco MDS switches, and NetApp ONTAP storage controllers. It supports all kinds of critical business workloads, including virtualization, databases, AI/ML, healthcare, containers, and beyond. Bundled with effective automation, the FlexPod solution delivers reliability, flexibility, and simple manageability for businesses.
FlexPod with Security
From the ground up, no component in the FlexPod stack compromises on security. Both NetApp and Cisco are committed to building security in from inception, and this is verified by robust product certifications including FIPS 140-2/140-3, ISO 27001, CSfC, etc. To help deploy these security products effectively, the FlexPod security solutions provide the necessary guidelines and best-practice procedures for implementing critical business use cases.
FlexPod Security Hardening TR is one of the first solutions from NetApp that offers guidance and configuration examples at network, storage, compute, and virtualization layers to harden FlexPod infrastructure security and help organizations achieve their security objectives.
FlexPod Datacenter Zero Trust Framework CVD is a joint solution from Cisco and NetApp that leverages several technologies and security products to incorporate segmentation and control (multi-tenancy design using VRF, VLANs), visibility and monitoring (network and OS level visibility and anomaly detection), and threat protection and response into the infrastructure. This solution incorporates various security products and components, providing a robust framework that extends to all layers, including network, compute, hypervisor, and storage, and includes implementation of tenant-based segmentation. The Zero Trust framework for FlexPod solution utilizes multiple additional security components by Cisco and NetApp including Cisco Secure Firewall Threat Defense (FTD), Cisco Secure Network Analytics (previously Stealthwatch) to provide visibility and monitoring, Cisco Secure Workload (previously Tetration), and NetApp Autonomous Ransomware Protection (ARP) to provide threat protection and response.
ONTAP Security
ONTAP provides a set of controls that allows you to harden the ONTAP storage operating system, the industry's leading data management software. Using the guidance and configuration settings for ONTAP helps your organization meet prescribed security objectives for information system confidentiality, integrity, and availability. Some of the important features that secure ONTAP systems include multi-admin verification (MAV), multi-tenancy (multiple IPspaces), ONTAP FPolicy, and Autonomous Ransomware Protection.
Ansible Automation
Automation simplifies the complete deployment procedure and allows users to significantly reduce both deployment time and deployment errors. FlexPod automation delivers a fully automated solution deployment that covers all sections of the infrastructure and application layers. The Ansible playbooks that configure the different sections of the solution invoke a set of roles and consume the associated variables that are required to set up the solution. Depending on the installation environment, customers can modify the variables to suit their requirements and proceed with the automated installation.
Users can leverage Ansible playbooks that have been designed to set up the ONTAP configuration with security best practices. It is assumed that the ONTAP base setup is in place as per the procedures mentioned in the FlexPod Base CVD before executing these Ansible playbooks. Features such as tag-based execution and automated solution deployment replicate the manual deployment procedures and allow the Ansible playbooks to be used flexibly across deployment scenarios. Users can execute specific tasks using the tags associated with the fine-grained tasks within the roles. This automation support enables users to deploy the ONTAP security configuration within minutes and with minimal risk of error.
Conclusion
FlexPod is a proven secure architecture supporting both traditional and modern application workloads. FlexPod combined with Ansible automation helps customers build repeatable building blocks that are continuously updated to align with technology innovations and that incorporate new security best practices conforming to the joint reference architectures from Cisco and NetApp. With robust security features, the complete life cycle of cyber-security, including prevention, protection, and recovery, can be implemented with utmost confidence.
References
FlexPod Security Hardening GitHub Repository
FlexPod Datacenter Zero Trust Framework Design Guide
FlexPod Datacenter Zero Trust Framework Deployment Guide
FlexPod Base CVD
FlexPod Security Hardening (TR-4984-1123)
FlexPod ransomware protection & recovery (TR-4961)