Data centers house critical business applications and sensitive information, making them prime cyberattack targets. Effective security measures ensure business continuity and protect against data breaches, which can have severe financial and reputational consequences. NetApp and Cisco products are hardened with inventive and reliable security best practices at all stages of product implementation (design, hardware implementation, and software development) to ensure there is no compromise at any layer of the stack. These products are also backed by rigorous certifications to verify the assertions. This alliance offers FlexPod as a secure infrastructure solution for security-conscious businesses.
FlexPod
Offered jointly by NetApp and Cisco, FlexPod Datacenter is a robust, secure full-stack architecture. FlexPod consists of Cisco UCS servers, Cisco Nexus switches, Cisco MDS switches, and NetApp ONTAP storage controllers. It supports all kinds of critical business workloads from virtualization, databases, AI/ML, healthcare, containers, and beyond. Bundled with effective automation, the FlexPod solution delivers reliability, flexibility, and simple manageability for businesses.
FlexPod with Security
From the ground up, each component in the FlexPod stack does not compromise on security. Both NetApp and Cisco are committed to building security in from inception, and this is verified by robust product certifications including FIPS 140-2/140-3, ISO 27001, CSfC, etc. For effective deployment of these security products, FlexPod security solutions provide all the necessary guidelines and best-practice procedures to implement critical business use cases.
FlexPod Security Hardening TR is one of the first solutions from NetApp that offers guidance and configuration examples at network, storage, compute, and virtualization layers to harden FlexPod infrastructure security and help organizations achieve their security objectives.
FlexPod Datacenter Zero Trust Framework CVD is a joint solution from Cisco and NetApp that leverages several technologies and security products to incorporate segmentation and control (multi-tenancy design using VRF, VLANs), visibility and monitoring (network and OS level visibility and anomaly detection), threat protection and response into the infrastructure. This solution incorporates various security products and components providing a robust framework that extends to all layers, including network, compute, hypervisor, and storage and includes implementation of tenant-based segmentation. The Zero Trust framework for FlexPod solution utilizes multiple additional security components by Cisco and NetApp including Cisco Secure Firewall Threat Defense (FTD), Cisco Secure Network Analytics (previously Stealthwatch) to provide visibility and monitoring, Cisco Secure Workload (previously Tetration), and NetApp Autonomous Ransomware Protection (ARP) to provide threat protection and response.
ONTAP Security
ONTAP provides a set of controls that allows you to harden the ONTAP storage operating system, the industry's leading data management software. Using the guidance and configuration settings for ONTAP helps your organization meet prescribed security objectives for information system confidentiality, integrity, and availability. Some of the important features that secure ONTAP systems include multi-admin verification (MAV), multi-tenancy (multiple IPspaces), ONTAP FPolicy, Autonomous Ransomware Protection, etc.
Ansible Automation
Automation simplifies the complete deployment procedure and allows users to significantly reduce deployment time and deployment errors. FlexPod automation delivers a fully automated solution deployment that covers all sections of the infrastructure and application layers. The Ansible playbooks that configure the different sections of the solution invoke a set of roles and consume the associated variables that are required to set up the solution. Based on the installation environment, customers can modify the variables to suit their requirements and proceed with the automated installation.
Users can leverage Ansible playbooks that have been designed to set up the ONTAP configuration with security best practices. It is assumed that the ONTAP base setup is in place as per the procedures mentioned in the FlexPod Base CVD before executing these Ansible playbooks. Features such as tag-based execution and automated solution deployment enable replicating the manual deployment procedures and support the versatile use of Ansible playbooks according to the deployment scenarios. Users can execute specific tasks using the tags associated with the fine-grained tasks within the roles. This automation support enables users to deploy the ONTAP security configuration within minutes with minimal risk of error.
Conclusion
FlexPod is a proven secure architecture supporting both traditional and modern application workloads. FlexPod combined with Ansible automation helps customers build repeatable building blocks that are continuously updated to align with technology innovations, incorporating novel security best practices that conform to the joint reference architectures from Cisco and NetApp. With robust security features, the complete life cycle of cyber-security, including prevention, protection, and recovery, can be implemented with utmost confidence.
References
FlexPod Security Hardening GitHub Repository
FlexPod Datacenter Zero Trust Framework Design Guide
FlexPod Datacenter Zero Trust Framework Deployment Guide
FlexPod Base CVD
FlexPod Security Hardening (TR-4984-1123)
FlexPod ransomware protection & recovery (TR-4961)
In an era where data creation is skyrocketing, efficient data and storage management has become paramount.
More than ever, data teams are looking to streamline their data management effort by selecting future-proof storage solutions that not only handle vast amounts of data, but also provide flexibility and simplicity while keeping infrastructure and operational costs in check.
This guide walks you through the storage functionalities of the newly announced NetApp® BlueXP™ workload factory for AWS, a free-of-charge service designed to help you optimize your AWS storage efficiency via automated data and storage analysis, deployment, and management.
Read on as we cover:
What is workload factory?
How workload factory manages your storage in its entire lifecycle operation
Choosing your operational mode
Day 0 operations: Assess cost-saving options
Day 1 operations: Deploy FSx for ONTAP
Day 2 operations: Manage FSx for ONTAP
What’s next?
In Active IQ Unified Manager 9.8, you can bring your own Excel sheets with customized reports. With this feature, you can customize existing UM reports by creating formulas, charts, etc., and upload them back into UM. Now each time the report is created manually or through a schedule, the customized report will be generated with the latest updated values. You can use this feature in 3 simple steps.
In this blog, we will walk you through how to bring in your own Excel for custom reporting.
AI requires scalable, accessible, and efficient data management; but many enterprises struggle to manage data seamlessly across hybrid and multi-cloud environments. The latest integration of Domino Volumes for NetApp ONTAP (DVNO) provides a solution – enabling rapid access to data across environments without DevOps overhead and reducing costs and processing times by up to 50%.
How? Domino’s first-party integration with NetApp’s intelligent data infrastructure doubles read performance and GPU throughput over previous configurations. For resource-intensive AI use cases requiring distributed GPU training, like computer vision and LLM training/fine-tuning, Domino customers can now run GPUs for half as long.
Create DVNO Volumes from Domino
With Domino's new DVNO feature, users can create storage volumes powered by NetApp ONTAP and BlueXP. This allows data scientists to provision scalable storage volumes directly within the Domino interface without IT involvement or DevOps work. This capability is especially valuable for large enterprise data science teams, who need quick and reliable access to data without waiting for infrastructure provisioning. By simplifying the volume creation process, teams can reduce delays, allowing them to focus on experimenting and iterating faster.
Figures 1 and 2: Creating a Domino Volume for NetApp ONTAP (DVNO) from Domino’s platform
Collaborate and Control Access to DVNO Volumes from Domino
DVNO volumes can be shared directly with other users through Domino. Data scientists can share volumes across projects, enabling straightforward access to shared datasets. Sharing data in this manner is crucial for enterprise-scale collaboration, allowing different teams and stakeholders to access consistent, up-to-date datasets without duplication or manual data transfer. This not only improves collaboration but also reduces storage overhead and potential inconsistencies.
Figure 3: Data scientists have self-service access to attach shared data volumes to executions, accelerating iteration and innovation across the model lifecycle.
Monitor DVNO Volumes from Domino
DVNO provides straightforward access control, enabling IT administrators to monitor permissions and data usage effectively through secure, consistent management across all environments. Standard data access patterns for developers and API users ensure seamless access, so users can securely share, update, or restrict access to volumes, ensuring sensitive data remains protected.
For data science teams, this level of control is essential to maintain compliance and meet enterprise security requirements, while still allowing the flexibility needed to work efficiently. IT teams can ensure that only authorized users have access, minimizing the risk of data breaches.
Figure 4: Domino application admins can see a list of all DVNO volumes and metadata, such as size and who has access.
Enhance Data Organization with User and Project-based Storage Volumes
By empowering data scientists to self-manage ONTAP volumes, DVNO enables teams to create dedicated storage volumes tailored to specific users, projects, or workflows. This structure simplifies data organization and enhances data governance by isolating access to sensitive datasets.
For IT teams, the ability of data scientists to independently manage volumes reduces the provisioning and maintenance workload, freeing up valuable resources for strategic initiatives rather than day-to-day support. It also means that each project has its own space, minimizing the risk of data conflicts, reducing storage overhead, and ensuring that each team member can work with the most relevant, up-to-date data—improving both productivity and security.
Figure 5: IT admins can see a list of all DVNO volumes and metadata, such as size, in BlueXP.
Conclusion
The Domino and NetApp partnership continues to evolve with deeper integrations to enhance AI lifecycle management and productivity. Intelligent data mobility, optimized hybrid operations, and seamless access to critical data are now available through the Domino Volumes for NetApp ONTAP integration. This allows data science teams to focus on building models without being slowed by data bottlenecks. Stay tuned for more developments as we expand our AI infrastructure capabilities.
Ready to learn more? Check out the Domino Volumes for NetApp ONTAP demo, read Domino’s recent press release, and discover more insights at domino.ai/partners/netapp.
For organizations that are invested in cloud and hybrid solutions, AWS re:Invent is one of the most important tech conferences to close out the year. NetApp is excited to participate and to share a few of the new solutions that our partnership with Amazon is bringing to market.