Tech ONTAP Blogs

FlexPod: Security coupled with Automation enhances your infrastructure protection

Kamini
NetApp
216 Views

Data centers house critical business applications and sensitive information, making them prime cyberattack targets. Effective security measures ensure business continuity and protect against data breaches, which can have severe financial and reputational consequences. NetApp and Cisco products are vitally hardened with inventive and reliable security best practices at all stages of product implementation (design, hardware implementation, and software development) to ensure there is no compromise in any stack. These products are also backed by vigorous certifications to verify the assertions. This alliance offers FlexPod as a secure infrastructure solution for businesses that are mindful of their security aspect.

FlexPod

Offered jointly by NetApp and Cisco, FlexPod Datacenter is a full-stack robust secure architecture. FlexPod consists of Cisco UCS servers, Cisco Nexus switches, Cisco MDS switches, and NetApp ONTAP storage controllers. It supports all kinds of critical business workloads from virtualization, databases, AI/ML, healthcare, containers, and beyond. Bundled with effective automation, FlexPod solution delivers reliability, flexibility, and simple manageability for businesses.

Kamini_1-1732622121058.png

FlexPod with Security

From the ground up, each component in the FlexPod stack does not compromise on security. Both NetApp and Cisco are committed to build security from inception, and this is verified by robust product certifications including FIPS 140-2/140-3, ISO 27001, CSfC, etc. For effective deployment of these security products, FlexPod security solutions serve all the necessary guidelines and best-practice procedures to implement critical business use cases.

FlexPod Security Hardening TR is one of the first solutions from NetApp that offers guidance and configuration examples at network, storage, compute, and virtualization layers to harden FlexPod infrastructure security and help organizations achieve their security objectives.

FlexPod Datacenter Zero Trust Framework CVD is a joint solution from Cisco and NetApp that leverages several technologies and security products to incorporate segmentation and control (multi-tenancy design using VRF, VLANs), visibility and monitoring (network and OS level visibility and anomaly detection), threat protection and response into the infrastructure. This solution incorporates various security products and components providing a robust framework that extends to all layers, including network, compute, hypervisor, and storage and includes implementation of tenant-based segmentation. The Zero Trust framework for FlexPod solution utilizes multiple additional security components by Cisco and NetApp including Cisco Secure Firewall Threat Defense (FTD), Cisco Secure Network Analytics (previously Stealthwatch) to provide visibility and monitoring, Cisco Secure Workload (previously Tetration), and NetApp Autonomous Ransomware Protection (ARP) to provide threat protection and response. 

ONTAP Security

ONTAP provides a set of controls that allows you to harden the ONTAP storage operating system, the industry's leading data management software. Using the guidance and configuration settings for ONTAP helps your organizations meet prescribed security objectives for information system confidentiality, integrity, and availability. Some of the important features that secure ONTAP systems include multi-admin verification (MAV), multi-tenancy (multiple IPspaces), ONTAP Fpolicy, Autonomous Ransomware Protection etc.

Ansible Automation

Leveraging the power of programming, automation enables simplification of the complete deployment procedures. The automation support allows users to significantly reduce time to deploy and deployment error. FlexPod automation delivers a fully automated solution deployment that covers all sections of the infrastructure and application layers. The Ansible playbooks, to configure the different sections of the solution invoke a set of Roles and consume the associated variables that are required to setup the solution. Based on the installation environment customers can choose to modify the variables to suit their requirements and proceed with the automated installation.

Users can leverage Ansible playbooks that have been designed to set up the ONTAP configuration with security best practices. It is assumed that the ONTAP base setup is in place as per the procedures mentioned in the FlexPod Base CVD before executing these Ansible playbooks. Features such as tag-based execution, and automated solution deployment enable replicating the manual deployment procedures and support the versatile use of Ansible playbooks according to the deployment scenarios. Users can execute specific tasks using the tags associated with the fine-grained tasks within the roles. This automation support enables users to deploy the ONTAP security configuration within minutes with the least error factor.

Conclusion

FlexPod is a proven secure architecture supporting both traditional and modern application workloads. FlexPod combined with Ansible automation helps customers to build repeatable building blocks that are continuously updated to align with the technology innovations incorporating the novel security best practices conforming to the joint reference architectures from Cisco and NetApp. With robust security features, the complete life cycle of cyber-security including prevention, protection, and recovery can be implemented with utmost confidence.

References

Public