Welcome to my blog post on the security hardening guide for NetApp ONTAP! In this post, we will provide you with all the information you need to ensure the security of your NetApp ONTAP deployment. We will cover topics such as image validation, local storage administrator accounts, authentication methods, and more. So let’s dive in!
ONTAP Image Validation Image validation is an essential security measure that helps verify the authenticity and integrity of ONTAP images installed on your system.
In early 2023 NetApp released the new licensing model ONTAP One which made it possible for everyone with active support to get use of premium-priced features such as SnapLock and Anti Ransomware. In this post, I will cover how you download and enable the new license on your system
The license change is non-disruptive and you can enable the new unlocked features in a safe manner when you wish.
Step 1, pre-reqs Before you start you need;
Trident provides Prometheus metrics endpoints that you can use to monitor Trident, its performance, and understand your environment. In this blog, we’ll deep dive into how to install and configure Prometheus to monitor Trident.
I’ve set up my Kubernetes cluster with kubeadm, and it consists of four nodes, one master node, and three worker nodes. As Kubernetes has no built-in storage, I’ve deployed the software-defined version of NetApp ONTAP called ONTAP Select.
This was a new discovery for me! Maybe everyone already knows about the ONTAP Select vCenter Plug-in - but for me, it’s a new acquaintance. With the plug-in, you quickly deploy and manage ONTAP clusters on your VMware environment, all from vCenter.
Let us start with what ONTAP Select is and go through the architecture of the ONTAP Select deployment process.
What is ONTAP Select? ONTAP Select is the software-defined version of NetApp’s storage operating system ONTAP.
I’m on my way to deploying Kubernetes the hard way, following Kelsey Hightowers GitHub tutorial. The guide uses GCP for compute resources, but I want to utilize my home lab based on VMware, and I want to do it in a cloud fashion, with Infrastructure as Code. For this, I leverage tools like Packer and Terraform. In my previous post, I showed you how to build a VM template on vSphere with Packer.
I have a home lab in my basement for learning purposes and to be able to create useful content on this blog. My next mission is to learn more about Kubernetes and advance my knowledge of IaC and Linux. For this, I need a consistent way to build and deploy Ubuntu VM’s. In this post, I’ll show you how I use Packer to create VM templates on vSphere.
What is Packer?
We all know Kubernetes is winning the container orchestration battle. We’ve seen a shift in application development and operations. Historically, software vendors shipped .EXE files to customers, small and large. The update cycle meant a new .EXE release every 6-12 months, or something similar.
Now, the reality is that more and more software vendors turn to containers as shipping their products. Containers provide the ability to re-create the application regardless of the environment, both in development and production.
In my home lab, I like to automate as much as possible so I can bring stuff up/down quickly. To achieve this I use several tools such as Ansible, Terraform and PowerShell. This time I decided on using PowerShell to quickly bring up VCD with the same settings every time.
This script deploys the appliance and please, edit the settings to fit your environment.
First, you need to download the VCD Appliance 10.
Recently, I found a configuration issue on a VMware cluster running on DellEMC hardware. Initially, they were vulnerable to the L1 Terminal Fault CVE-2018-3646, to mitigate we disabled HT in the BIOS of the hosts. As time passed, VMware released software updates to mitigate these issues. We did install the patches, but the disabled HT stayed the same. When the problem came to light, I decided to put Ansible to work as I did not want to perform manual work on the entire cluster.
In the year 2019(it feels like a million years ago, right?!), I started my VMware Certification journey. In short, I passed my first VCP6, renewed it to 2019, and passed the VMware Cloud Provider Specialist exam. After a successful 2019, I went on parental leave from November to February. Now, when I’m back in action, I need to continue expanding my knowledge and have new goals to achieve in 2020. At first, I thought about going after the AZ-103 exam because some of my colleagues are going down the Azure route, but, as I’m already a VCP, I think it’s wrong not to continue to the advanced certifications.