Quantcast
Channel: ONTAP Discussions topics
Viewing all 4951 articles
Browse latest View live

Add a rule to all export policies

November 14, 2017, 8:26 am
$
0
0

We are setting up a Varonis server and found out that we need to add a rule to all export policies to allow access from that server.  I wanted to confirm that the command below would add the rule we had in mind (assuming there aren't any existing rules with index 78, which there aren't) while preservinga ll other existing rules?  While onthe topic of rule index, is there any issue with setting one so high or should we stick as close as we can to the highest numer of items that we have and drop that to -ruleindex 10 for instance?

 

export-policy rule create -policyname * -clientmatch 172.22.16.83/32 -rorule sys -rwrule sys -allow-suid true -superuser any -allow-dev true -protocol nfs -ruleindex 78

Search

OnCommand Unified Manager

November 14, 2017, 3:45 pm
$
0
0

Hello,

 

I just installed the Windows version 7.2P.  I added the cluster using the same IP address as the one we use OnCommand System Manager (when we connect to manage our storage).

 

It was successful, but the discovery process has been runnig for almost 2 hours now (State in progress).  Is this unusual?  Am I using the correct IP address (figure thats the only one that makes sense)?

 

 

Also, can you use both OnCommand Systems Manager & OnCommand Unified Manager at the same time?

 

 

Thanks,

TT

 

 

Move a raidgroup to another shell

November 15, 2017, 4:55 am
$
0
0

Hi,

 

I have 2 shelves with each 2 raidgroups.

 

2 questions:

 

A)

 

shelve1 with disks of 200 GB (RG1) and 1 with disks 400 GB (RG2)

shelve2 with disks of 400 GB (RG3) and 1 with disks of 800 Gb (RG4)

 

Is it possible in cDOT 9.1 to move all the disks of RG3 from shelve2 to shelve1 and at the same time move the raidgroup of RG2 to shelve 2 without loosing any data ?

 

B)

 

Is it possible to create an aggregate containing 2 raidgroups which are physically on another shelve ?

 

Regards,

 

Johan

 

 

 

ONTAP Recipes: Easily use QoS Max to prevent a FlexGroup from becoming a bully object

November 15, 2017, 5:51 am
$
0
0

ONTAP Recipes: Did you know you can…? 

 

Easily use QoS Max to prevent a FlexGroup from becoming a bully object 

 

Problem:  There is no throttle/mechanism to prevent a FlexGroup from consuming more resource than needed and eventually become a bully.

 

Let’s consider the scenario of a Production and Test workloads for this recipe and see how we are trying to avoid the Test workload from becoming a bully.

 

Solution:

 

Use ONTAP QoS Max/Ceilings to limit the test workloads in both IOPS and throughput. By limiting the test workloads, the production workloads will get their required performance met. QoS Max/ceilings for FlexGroup is a new feature in ONTAP 9.3.

 

It is available using the command line interface (CLI) and application programming interface (API). QoS Max/Ceilings for FlexGroups supports both NFS and CIFS protocols.

 

Problem Example:

Figure 1 shows an ONTAP cluster with a FlexGroup provisioned for production applications and a second FlexGroup provisioned for test applications. Without QoS, the test workloads are interfering with production workloads resulting in slow application response time.

 

Picture1.png

 

Figure 1: FlexGroup used for Production Applications is not meeting its required service level due to interference from Test workloads

 

Solution Example:

Use ONTAP QoS ceilings to limit the test workload both in IOPS and throughput.

 

Using ONTAP command line interface (CLI):

 

1. Create a QoS policy with a ceiling of 500IOPS and 2 megabytes/sec (4K block size).

 

::> qos policy-group create -policy-group test_policy -max-throughput 500IOPS,2MB

 

2.Assign the test FlexGroup to the QoS policy

 

::> volume modify -volume test_flexgroup -qos-policy-group test_policy

 

[Job 40] Job succeeded: volume modify succeeded

 

 

Using OnCommand System Manager:

 

1. Verify the test FlexGroup is limited by QoS and is not impacting the production workload.

 

2. Both the test and production FlexGroup have a load of 2000IOPS with a block size of 4K

 

3. The test workload is QoS limited to 500IOPS and 2MB throughput. Since the offered load to the test FlexGroup is 2000IOPS there is QoS induced latency of ~30 milliseconds.

 

The production workload is not QoS limited and is able to serve 2000IOPS with no QoS induced latency.

 

Picture2.png

 

Figure 2: Use System Manager to verify the production workload is no longer impacted

 

Picture3.png

 

Figure 3: Use System Manager to verify the test workload is QoS limited

 

 

For more information, see the ONTAP 9 documentation center

 

 

 

ONTAP Recipes: Easily configure Cluster and SVM peering in ONTAP 9.3

November 15, 2017, 6:21 am
$
0
0

ONTAP Recipes: Did you know you can…? 

 

Easily configure cluster and SVM peering in ONTAP 9.3

 

In ONTAP 9.3, you can use the generate passphrase feature to create a peer relationship with a cluster whose intercluster LIF IP addresses you don't know in advance. You can also “pre-authorize” peer relationships for multiple SVMs on the destination cluster.

 

This recipe highlights the steps below:

 

  1. On the data protection destination cluster, create a cluster peer relationship with an unspecified remote cluster, and pre-authorize SVM peer relationships with the SVM “vs1” on the destination cluster:

cluster02::> cluster peer create -generate-passphrase -offer-expiration 2days -initial-allowed-vserver-peers vs1

 

  Passphrase: UCa+6lRVICXeL/gq1WrK7ShR

 Expiration Time: 6/7/2017 08:16:10 EST

 Initial Allowed Vserver Peers: vs1

 Intercluster LIF IP: 192.140.112.101

 Peer Cluster Name: Clus_7ShR (temporary generated)

 

 

 2. Send the generated passphrase in a secure email to the administrator of the data protection source cluster.

 

 3. On the data protection source cluster, use the generated passphrase to authenticate the source cluster to the destination cluster (make sure to authenticate the cluster before the passphrase expires):

 

cluster01::> cluster peer create -peer-addrs 192.140.112.101

 

Enter the passphrase:

Confirm the passphrase:

 

4. On the data protection source cluster, create a peer relationship between the local SVM “pvs1” and the pre-authorized SVM “vs1” on the data protection destination cluster:

 

cluster01::> vserver peer create -vserver pvs1 -peer-vserver vs1

 

For more information, see the ONTAP 9 documentation center

 

 

 

 

Can we create Cifs and Iscsi lif's on same interface

November 15, 2017, 6:57 am
$
0
0

Hi Team,

 

 

I have an existing setup with iscsi lifs and SVM. I want to use same SVM and same port for cifs. But i know that we can not use same lifs for cifs and iscsi. Can i create new lifs for cifs on the same port where the iscsi lifs were hosted on?

ONTAP upgrade

November 15, 2017, 3:18 pm
$
0
0

 

Per user support recommendation for an upgrade, there will need to be a maintenance windows when CIFS is being used.  Eventhough we have two controllers (FAS2650), is this true?  

 

 

On a typical upgrade, how long does it take for two controllers?

 

Thanks,

TT

Why has LIF rebalancing been deprecated!?

November 16, 2017, 3:03 am
$
0
0

Hi all,

 

we are currently discussing how to balance heavy NFS v3 loads on our 4-node cluster.

 

It seems to boil down to using off-box DNS balancing to distribute the NFS-traffic to the least used node, but only works works for new connections.

 

What I found really interesting is the now deprecated feature of LIF rebalancing.

 

Can anyone tell me why it has been deprecated as per ONTAP 9.3 release:

 

"The automatic LIF rebalancing feature, which allowed LIFs to automatically migrate to a less-used port based on the load balancing weights assigned to the LIFs, is deprecated from ONTAP 9."

 

 

 

The only downside I can see in LIF rebalancing is the fact that LIFs might not be home anymore which could be confusing.

 

What am I missing here?

 

Thanks for any insight.

 

Peter

Search

Cannot deploy Ontap Select evaluation ovf

November 16, 2017, 10:51 am
$
0
0

Hello,

 

I'm trying to deploy the ontap select evaluation ova downloaded 2 days ago on an ESX 6.5 host with a vcsa 6.5.

 

If I try to deploy directly from the ESXi host, it asks for 2 ip adresses (node and cluster) + netmask + gateway. Logical. But in the end the deployed VM has no ip adress and connectivity.

 

OK, the documentation states that it must be deployed from vCenter. So I tried deploying the ova from vCenter, but there it only asks for a single ip address, no gateway, and when I try to start the VM , it fails with error "Property 'Cluster Management  ip address' must be configured for the VM to power on."

 

What am I doing wrong, and how to fix this?

 

Thanks.

Volume and lun sizes

November 16, 2017, 2:07 pm
$
0
0

Dear Experts,

 

I have few queries related to volume and lun size best practices. in 7-mode we have volume limitation to 500 so people may prefer bigger volume with more no of luns.

What is the best practice to follow whether to go with small size luns are big  size luns and the corresponding volume sizes. As there is volume limitation is 7-mode usually will go with bigger volumes with multiple luns is that a good practice to get max performance.

 

Regards,

Krishgudd

Service Processor Card Security - TLS

November 17, 2017, 12:56 am
$
0
0

Hi,

 

We would like to improve security on our SP Cards (Service Processor) by disabling TLS 1.0 and 1.1 and removing 3DES cipher. All Storage devices are on ONTAP9.1P1. Our current scenarion when running SSL checkers against the card IPs shows the following output.

 

testsslserver <SP Card IP Address> 50000
Supported versions:
 TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  TLSv1.0
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     RSA_WITH_CAMELLIA_128_CBC_SHA
     RSA_WITH_CAMELLIA_256_CBC_SHA
  (TLSv1.1: idem)
  TLSv1.2
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA256
     RSA_WITH_AES_256_CBC_SHA256
     RSA_WITH_CAMELLIA_128_CBC_SHA
     RSA_WITH_CAMELLIA_256_CBC_SHA
     TLS_RSA_WITH_AES_128_GCM_SHA256
     TLS_RSA_WITH_AES_256_GCM_SHA384
----------------------
Server certificate(s):
  e50304b62d8f97bff54a6a3dbac0eaf1cbdcf6b7: E="", OU="", O="", L="", S="", C="", CN=sp.spcs.server
----------------------
Minimal encryption strength:     strong encryption (96-bit or more)
Achievable encryption strength:  strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected

 

 

The NETAPP device itself has only TLS1.2 only enabled and has resticted ciphers allowed

 

ie.

<Cluster name>::*> security config show
          Cluster                                              Cluster Security
Interface FIPS Mode  Supported Protocols     Supported Ciphers Config Ready
--------- ---------- ----------------------- ----------------- ----------------
SSL       false              TLSv1.2                 AES:!LOW:!MEDIUM: yes
                                                                  !aNULL:!EXP:
                                                                  !eNULL:!3DES

 

 

We have asked NETAPP support for assistance with this. There recommendations have centered around altering the storage device Security Config by enabling FIPS. I am not  convinced that this will make any difference whatsoever to the SP card security profile and even it is does it will require Node Reboots to complete the alteration. All of our netapp devices host CIFS shares so unfortunately as a consequence Node reboots will involve some service disruption.

 

Has anyone else encountered this before and does anyone have any recommendations or knowledge relevant to SP Card security? I am surprised by the lack of available information

 

thank you,

D

 

 

NetApp MPIO on Server 2016 - Supported?!

November 17, 2017, 3:29 am
$
0
0

Hey guys,

 

I cannot find support of NetApp's DSM for Window Server 2016. Will this be added in the future or is the "MS MPIO" the only way to go with Server 2016 systems?

 

Thanks!

 


Chris

How modern day concepts are reshaping mobile applications in 2018?

November 16, 2017, 10:25 am
$
0
0

It is absolutely correct that the latest technological appraisal have brought a considerable number of changes and advancements in the area of mobile apps development across the world. Now mobile users demand more creative and intelligent mobile apps than ever before. A number of renowned businesses from all over the world have considerably reported rapid growth by considering mobile apps as an integral component for today’s business development strategies.

Starting from the business sector where a huge demand for artificial intelligence and machine learning is on the edge up to the most modern form of mobile gaming and entertainment where virtual reality and wearables have set newer trends in the industry, it is just the beginning of a new mobile environment. App developers from a renowned mobile application development company added that the newer concepts and technologies have enriched the area of study and development as well for them.

ONTAP Recipes: Easily Create a NAS Application Container in ONTAP 9.3

November 20, 2017, 10:02 pm
$
0
0

ONTAP Recipes: Did you know you can…?

 

Easily Create a NAS Application Container in ONTAP 9.3

 

To create a NAS Application Container for use over NFS without compromising application or overall system performance, follow these steps in OnCommand System Manager:

 

1. Select the SVM

 

2. Click Applications & Tiers

 

3. Click Applications

 

4. Click Add an Application

 

5. In the “General Applications” Add NAS Container page, specify the following:

 

  • The Application Name 
  • The size
  • The storage service level

6. In ONTAP 9.3 with Adaptive QoS, the floor and ceiling IOPS values adjust automatically based on space capacity used by the application.

 

There are 3 default Adaptive QoS policies in ONTAP (Extreme, Performance, Value) along with the ability to create custom policies.

 

::> qos adaptive-policy-group show

 

                                                             Expected             Peak

Name               Vserver     Wklds         IOPS                    IOPS

----                    -------           -----         --------------           ---------

extreme           cluster           0             6144IOPS/TB     12288IOPS/TB

performance    cluster           0             2048IOPS/TB     4096IOPS/TB

value                cluster           0             128IOPS/TB        512IOPS/TB

 

E.g: For a 1TB application with “Value” specified, the floor and ceiling start at 128 IOPS. As more space is used by the application the ceiling increases to a maximum of 512 IOPS.

 

7. Select NFS as the protocol used to access the application

 

8. Set the host IP addresses that will access the application

 

Picture1.png

 

After creation, details of the application components will be displayed in the System Manager summary

 

 

For more information, see the ONTAP 9 documentation center

 

 

Snapshots taking space inside a datastore

November 21, 2017, 8:07 am
$
0
0

I'm using snapshots on NFS volumes that are being used as VMware datastores.   VMware sees a datastore size of 4TB.  The NetApp volume itself is 5TB, so that the extra 1TB of space can be used for snapshots.  However, it seems that even though snapshots are only 200TB, they are reducing the free space available in the VMware datastore.  What could be causing this and what setting in NetApp controls this?

 

Thanks!

Search

FAS2050 HA Pair: Unable to boot filer

November 21, 2017, 9:25 am
$
0
0

Hello Team,

 

We have two  FAS2050 Filers (st10 & st11) with HA pair configured running OnTAP7.3.6. Recently, one of the filer st10 is broken and we have replaced the hard disks of the filer. When we tried to boot the filer we couldnt able to as it shows aggr0 has been failed the root partition. We tried to recover/diagnostics/scan, but nothing worked out. We have enabled takeover on st11 and it can able to takeover and we could see the partitions of st10 from st11. However, we couldnt able to boot st10 and we have data stored on st10. Can you please help us in this issue? 

 

1.  When we run disk show, we found some of the disks of st10 was owned by st11. Is there anyway we can get back the ownership?

2. Is there anyway we can enable takeover and access st10 volumes through st11 to copy the data?

 

We need to retrieve the data as the snapmirror also been failed and any help would be greatly appreciated since we already spend days on this issue and nothing worked out.

 

thanks

britto.

OSSV reader.log file

November 22, 2017, 9:33 pm
$
0
0

HI ,

 

We have issues with spaces on C drive of a server which is been backed up by OSSV.  the Netapp folder is around 23 GB with the reader.log file around 13.3 Gb. can we delete or move the reader.log file to create more space.

 

 

 

Does cDOT 8.3 supports GUI access for AD domain groups, just as for ssh & ontap?

November 23, 2017, 3:25 am
$
0
0

Hi Guys,

 

Does cDOT 8.3 supports GUI access for AD domain groups, just as for ssh & ontap? If not, then is it documented somewhere?

 

Thanks,

-Ashwin

Tiebreaker Cannot start

November 23, 2017, 9:22 am
$
0
0

Hello,

 

I'm already install tibreaker for metrocluster, but failed to start

 

[root@jkthotbr ~]# netapp-metrocluster-tiebreaker-software-cli
Permission denied. Root privilege is required.

 

 

does anyone have the same issue in the past? access is already "root"

mcc.jpg

 

 

Add a Netapp local user to a CIFS share

November 24, 2017, 12:50 pm
$
0
0

I am running Netapp 9.0P3.   I have a need to use a non Active Directory user (local user).   I have defined a local user on the filer.   I go into the Windows Security tab on the share and select Edit to add a new user.   I select the IP address of the filer and enter the local user name but Windows gives me a message the user can not be found.   Does anyone have an idea on how to make this work or if this is possible?   I am working with netapp support but the resource I am working with is unavailable until Monday.   Thanks

 

Viewing all 4951 articles
Browse latest View live
Search