Behind the Scenes Episode 347: NetApp ONTAP 9.12.1 Overview

Welcome to Episode 347, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

This week, Keith Aasen (keitha@netapp.com) and Ken Mencher (mencher@netapp.com) from the ONTAP product team join us to discuss what’s in ONTAP 9.12.1!

We cover:

  • Important FlexCache and S3 enhancements
  • Security advancements
  • BlueXP

And much more!

For more information:

Tech ONTAP Community

We also now have a presence on the NetApp Communities page. You can subscribe there to get emails when we have new episodes.

Tech ONTAP Podcast Community

Finding the Podcast

You can find this week’s episode here:

I’ve also resurrected the YouTube playlist. You can find this week’s episode here:

You can also find the Tech ONTAP Podcast on:

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

Transcription

The following transcript was generated using Adobe Premiere’s speech to text service and then further edited. As it is AI generated, YMMV.

Episode 347: NetApp ONTAP 9.12.1 Overview – Transcript

00;00;00;20 – 00;00;07;13
Justin Parisi
This week on the Tech ONTAP podcast, we cover the latest release of ONTAP 9.12.1.

00;00;07;13 – 00;00;29;06
Podcast intro
[TechONTAP podcast intro]

00;00;31;21 – 00;00;48;18
Justin Parisi
Hello and welcome to the Tech ONTAP podcast. My name is Justin Parisi. I’m here in the basement of my house and on the phone we have a couple of special guests to talk to us all about the latest release of NetApp ONTAP 9.12.1. So Keith Aasen is in the house. Keith, what do you do here at NetApp? How do we reach you?

00;00;49;01 – 00;00;56;26
Keith Aasen
Hey, Justin. Keith Aasen here. I am a senior product manager in the ONTAP organization. Easiest way to reach me is keitha@netapp.com.

00;00;57;11 – 00;01;05;06
Justin Parisi
All right. And also with us, first time podcast guest, Ken Mencher. Ken, what do you do here at NetApp? How do we reach you?

00;01;06;10 – 00;01;21;15
Ken Mencher
Hey, Justin. So I am a senior product manager for core ONTAP and performance here at NetApp. My email is probably the easiest way to reach me, mencher@netapp.com.

00;01;22;14 – 00;01;38;01
Justin Parisi
All right. Ken and I go way back to the support days. Ken actually started in our – I guess our outsourced Convergys office and then he worked his way up the ranks and made his way all the way to product manager, where now he can retire happily, I guess. I don’t know what’s next. Ken, CEO?

00;01;39;27 – 00;01;42;20
Ken Mencher
No, I don’t think so. I think that’s a little busy for me.

00;01;42;20 – 00;01;59;01
Justin Parisi
Yeah, I think it’s a little busy for me, too. All right. So we’re not here to talk about Ken’s career trajectory. We’re here to talk about NetApp ONTAP 9.12.1. So to do that, we brought these two in because of course, they are the ONTAP experts. So to start with, we’ll start with Keith. Keith, what’s new in ONTAP 9.12.1 for security?

00;01;59;06 – 00;02;11;11
Keith Aasen
So much in security. You know, the last couple of versions. I feel a bit like a broken record saying here’s all the new things we’re doing in security. But they’re stacking on tap – on top of each other in that – on top of each other. Interesting. Almost made a pun there…

00;02;11;11 – 00;02;12;04
Justin Parisi
ONTAP of each other? What?

00;02;12;04 – 00;02;27;29
Keith Aasen
ONTAP of each other. Yeah. And that could work. So this is why I’m in product management, not in marketing, but it is such a core focus when we have customers come into the EBCs and we ask them sort of, “hey, what’s top of mind, what’s keeping you up at night?” You know, it’s security. You know, that is a reoccurring theme.

00;02;27;29 – 00;02;49;29
Keith Aasen
And so the ONTAP 9.12.1 release has a ton of security enhancements. You know, first and foremost are this concept of tamper-proof snapshots that are backed by SnapLock. It’s a bit of a mouthful, but it’s an incredibly secure way of creating these secure recovery points that protect against ransomware. And then on top of that, we have a ton of other enhancements.

00;02;50;08 – 00;02;56;24
Keith Aasen
You know, we can dive into some of those. They might be minor for some folks, but I think are things that people have been waiting a long time from a security standpoint.

00;02;57;00 – 00;03;11;21
Justin Parisi
So yeah, like I know we have the automatic ransomware detection feature in there. So how are we building on top of that? Like what are we adding to that? Because with security, of course, there’s going to be new features in every release is it has to be because things are changing constantly. We need to make sure we protect our environments a little better.

00;03;12;01 – 00;03;16;02
Justin Parisi
So tell me more about what’s going on with the ransomware detection piece.

00;03;16;02 – 00;03;34;11
Keith Aasen
Sure. So on the ransomware protection piece, that was really a unique way of having ONTAP, you know, asynchronously watch file shares for indications of ransomware attacking. And when it does, you know, triggering a recovery point, you have that recovery point very, very close to the attack. You know, it gives you your least amount of data that’s been damaged.

00;03;34;11 – 00;03;58;22
Keith Aasen
Admittedly, we’re seeing a bit of a change from, you know, sophistication. Ransomware has realized that if they’re trying to attack NetApp customers, we’ve got these recovery points. And so, you know, one of the things that we’re seeing is, malware that comes in rather than just sort of blindly starting to encrypt things, they’ll lie dormant. And the first phase of the attack is simply to catch keystrokes and hopefully catch administrator credentials.

00;03;58;22 – 00;04;22;03
Keith Aasen
So they’ll try to spread in the organization, try to get to a storage administrator and then, you know, try to compromise the storage. If they do that, they can then destroy recovery points. They destroy backups, destroy backup copies, destroy snapshots prior to the ransomware kicking off. And that, you know, really forces your hand at paying the ransom. So one of the major enhancements is to make sure that those recovery points can’t be destroyed.

00;04;22;16 – 00;04;46;04
Keith Aasen
Now, we started this journey with ONTAP 9.11.1 where we added multi-admin verify where we can set it up and enable it so that you need more than one administrator to destroy a snapshot. And so what we really like what that is. It makes sure that snapshots are secure and if you do need to destroy one or delete a snapshot, you’re not sitting in a support queue, you know, waiting for somebody within the support organization to release your snapshot.

00;04;46;04 – 00;05;08;15
Keith Aasen
If you’re filling up with space, you probably want to hurry that along. So multi-admin verify will allow you within your own organization to have, you know, another layer of protection against these snapshots being destroyed. But then in 9.12.1, we up it even further to give you the ability to, on a scheduled basis, create recovery points that can’t be deleted, can’t be destroyed, and they’re time locked, essentially.

00;05;08;15 – 00;05;19;01
Keith Aasen
So I can create them for, you know, hours, days or weeks and really nothing until that time expires can destroy that snapshot, making sure that I can guarantee that recovery point exists.

00;05;19;10 – 00;05;30;03
Justin Parisi
So this sounds a lot like the feature we’ve had for a while called SnapLock. Are we leveraging that technology, and if so, are we requiring a SnapLock license to do this? Or is it simply part of the Ransomware Protection Bundle?

00;05;30;19 – 00;05;50;14
Keith Aasen
I’m glad you brought that up. It is backed by SnapLock. It uses SnapLock technologies under the covers. So it does require the SnapLock license. But, other kind of late breaking news for the partners and NetApp-ers out there. We’ve brought back the security and compliance bundle. So the security and compliance bundle includes SnapLock and autonomous ransomware protection along with the multi-tenant key manager.

00;05;50;24 – 00;06;04;03
Keith Aasen
And that will be the go forward way of selling those three licenses. It’s a more affordable way. It’s easier to license and certainly easier to retrofit on existing systems. So that’s going to be the way going forward. So you will need that bundle to have these tamper proof snapshots.

00;06;04;07 – 00;06;21;18
Justin Parisi
And I guess it also builds on that previous feature with SnapLock, where we basically took away the need to SnapLock entire aggregates, right. You had the aggregate-level SnapLock. Now you have volume-level SnapLock, you have more flexibility and you don’t require an entire aggregate to be taken away for use of compliance.

00;06;21;19 – 00;06;44;18
Keith Aasen
Yeah. Yeah. They can live anywhere. Now, the other interesting little thing that these tamper-proof snapshots give you is if I actually want to have this secure recovery point previously, I could create a SnapLock volume, as you said, and then copy snapshots over to it. But that volume is read only forever. So although it gives me this secure recovery point, I can’t use that in a disaster scenario, right?

00;06;44;19 – 00;07;08;29
Keith Aasen
Even if I FlexClone it, that FlexClone is still read-only. And that’s just the nature of how SnapLock works. It’s a backup copy, but not a DR copy. But these tamper proof snapshots give me the ability to have these protected recovery points on a regular SnapMirrored volume. A secondary volume, which means I have protected recovery points, but in the event of a disaster I can actually still fail over. The volume itself isn’t SnapLock, so I can still fail over to it.

00;07;08;29 – 00;07;16;13
Keith Aasen
So again, it potentially could reduce the number of copies of data I require from three down to two. You know, some big advantages in that as well.

00;07;16;15 – 00;07;21;00
Justin Parisi
So what else do we have with security? Anything else interesting in ONTAP 9.12.1 there?

00;07;21;16 – 00;07;39;17
Keith Aasen
Yeah, yeah. It’s tons of things. So the first thing we put into it is we put in this really nice dashboard in System Manager. Now it’s a great security dashboard to see all of the security things that you probably should be doing in your environment and whether you’ve done them or not. And then each one has a really simple set up to enable it, but a few extra things are in there.

00;07;39;17 – 00;08;00;14
Keith Aasen
One is enabling multi-factor authentication to the command line. Anybody who’s ever played around in the ONTAP command line realize you can do some pretty powerful things in there. And so you want to make sure that you really secure that command line access if you’re trying to access it via SSH. So we’re going to have multi-factor authentication there and we’ve added using that same sort of SnapLock technology, something that doesn’t require the license.

00;08;00;14 – 00;08;17;16
Keith Aasen
But we made all of the logs on the ONTAP system, tamper proof or indelible. So you can’t delete logs, you can’t modify the logs. So if you had a rogue admin or you did have a compromised set of credentials that they going in there try to change security settings or change schedules and then try to cover that up, can’t be done.

00;08;17;16 – 00;08;33;24
Keith Aasen
Right. And then on top of that, there’s a number of other sort of minor enhancements around, you know, if I am pulling all my logs into a centralized syslog server, that transfer now happens in a secure fashion as well. Just making sure that I’m getting those logs to a secure location so they’re protected and can be audited after the fact.

00;08;33;24 – 00;09;01;19
Justin Parisi
I remember in the support days we actually had a customer whose admin got caught modifying logs because they made a booboo. They didn’t want to get found out, so they went in and modified some logs, but it didn’t really work out for them because we have all of supports and hey, what’s going on here? But yeah, I mean it’s a good feature to have to be able to prevent rogue admins or anyone from going in there and changing log files because those are critical to your business to understanding what’s been going on.

00;09;01;19 – 00;09;07;22
Keith Aasen
You almost have to respect them for having the creativity to try to cover their tracks, but we’ll make sure that doesn’t occur.

00;09;08;13 – 00;09;11;01
Justin Parisi
There you go. What about System Manager?

00;09;11;09 – 00;09;38;00
Keith Aasen
One thing that we’ll call out in System Manager that actually appeared in 9.11. But I’ll admit, I live and breathe ONTAP and I missed it in 9.11. So why can I call it out now, which is this easy fpolicy setup. So fpolicy is one of those kind of secret superheroes that we’ve always had – well, almost always had – that will block file extensions. And, man, blocking a file extension doesn’t cost you anything from a performance standpoint, what an easy way of stopping an encryption software in its tracks.

00;09;38;11 – 00;10;01;22
Keith Aasen
And so what we’ve done in System Manager is we’ve preloaded a policy that will block over 3000 of the most commonly known ransomware file extensions. And so you can basically one-click turn on this file policy, this fpolicy, that will block those files from being created. So, you know, if you do have some malware trying to copy or create new files of those types, you just get shut down.

00;10;01;22 – 00;10;04;21
Keith Aasen
So, making System Manager, so easy to block that kind of attack.

00;10;04;25 – 00;10;09;12
Justin Parisi
I mean, you say there’s no performance impact, but I’d say there is impact to the ransomware performance.

00;10;10;24 – 00;10;13;24
Keith Aasen
Yes, there is definitely impact to their performance.

00;10;13;24 – 00;10;18;19
Justin Parisi
Latency goes sky high for those ransomware files. Right?

00;10;18;19 – 00;10;20;15
Keith Aasen
Yes, exactly. Exactly.

00;10;20;26 – 00;10;25;26
Justin Parisi
All right. Cool. Sounds like we got some good security stuff in there. Anything else you want to add? Before we move on to the next topic.

00;10;25;28 – 00;10;36;10
Keith Aasen
Let’s dive into some of the under the covers performance and scalability things we’ve put in there. But make sure you come back to me because I want to talk about System Manager and how it ties into this larger framework that we’re going to hear a lot more about.

00;10;36;15 – 00;10;37;22
Justin Parisi
I’ll take it under consideration, Keith.

00;10;37;22 – 00;10;39;19
Keith Aasen
Sounds good.

00;10;39;26 – 00;10;48;12
Justin Parisi
All right. So speaking of latency and performance, we’ve got Ken here. Ken, what’s going on with performance in ONTAP 9.12.1? What are we doing there?

00;10;48;20 – 00;11;19;02
Ken Mencher
We’re looking at some of our customers who are really pushing the limits on high performance NAS, and we’re really rolling out the red carpet to ensure that those customers and everybody who’s really driving reads and writes are really seeing the benefits of our hard work and getting those operations through to themselves faster. And so we’re cutting the latency on random reads and we’re hoping to get some more sequential read performance, too. Primarily for NFS,

00;11;19;15 – 00;11;25;02
Ken Mencher
But we’re also looking to improve our SAN and our SMB performance.

00;11;25;05 – 00;11;27;24
Justin Parisi
Talk to me a little bit more about what did we do to kind of tweak that.

00;11;27;27 – 00;11;50;17
Ken Mencher
The goal is to really improve performance for those, especially for the really scaled out customers and environments that are driving lots of systems into the really big controllers. But we’re also putting those improvements into ONTAP so that they’re giving everybody more throughput, lower latency, so that everybody’s seeing these benefits.

00;11;50;23 – 00;12;04;13
Justin Parisi
Is it dealing with a lot of things like we’ve done before where we move a process out of a certain domain in the CPU into another process? Are we moving out of what’s called stripe and into something else? Like how are we handling those random reads and random writes better now?

00;12;04;18 – 00;12;16;11
Ken Mencher
So yes, we are streamlining some of the steps that are required to process a read and write operation, and we’re also making sure that we’ve got more parallelization. I hate that word because.

00;12;16;11 – 00;12;18;27
Justin Parisi
I just wanted you to say parallelization because it’s hard to say.

00;12;19;14 – 00;12;24;01
Ken Mencher
That one. That word. Exactly. Yes. We are putting more of that into the system.

00;12;24;09 – 00;12;25;08
Justin Parisi
More parallels.

00;12;25;29 – 00;12;27;08
Ken Mencher
Yes, we’re.

00;12;27;11 – 00;12;27;26
Keith Aasen
Oh.

00;12;28;05 – 00;12;33;29
Justin Parisi
What about scale? I mean, what are we doing for scale? We’re adding extra, you know, capacity or we’re adding anything else.

00;12;34;06 – 00;12;57;22
Ken Mencher
One of the things that customers ask me is I need to be able to put more in my environment. We’ve got these really big controllers and you can only put so many volumes on them before we run out of volumes. And so we’re taking our total cluster count for volumes from 15000 to 30000, which means you can handle a lot more volumes in a cluster.

00;12;57;22 – 00;13;12;29
Ken Mencher
And I’m really excited about that. I’m really going to be continuing to push that further. I’m also looking to see what we can get. We’re going to be looking at increasing the number of volumes for a FAS system to 2500 by default out of the box.

00;13;13;07 – 00;13;23;18
Justin Parisi
So when you say 30,000 volumes in a cluster, that’s for a 24 node cluster or up to or is that any number of nodes? Right. How does that work? Is it like what’s the limit per node?

00;13;24;07 – 00;13;29;10
Ken Mencher
So right now, the limit per node is 2500. So doing the math.

00;13;30;05 – 00;13;32;22
Keith Aasen
I think I need at least six nodes, a six or six node.

00;13;32;29 – 00;13;33;21
Justin Parisi
That’s generally how.

00;13;34;09 – 00;13;36;20
Keith Aasen
Short. 12. No, sorry, 12 nodes. Six HA pairs.

00;13;36;25 – 00;13;37;11
Ken Mencher
That’s it.

00;13;38;14 – 00;13;41;04
Justin Parisi
12 nodes, 6 HA pairs. Yeah. All right, cool.

00;13;41;04 – 00;13;42;12
Ken Mencher
So that works it out.

00;13;42;25 – 00;14;21;18
Justin Parisi
So it’s not a super large cluster. It’s pretty reasonable size because I mean, you don’t want to have to, like, have people go to 24 nodes if they don’t want to because it’s a lot of data center space and real estate. As far as of the large volume or the extra volume count goes, that’s really helpful for things like FlexGroup volumes, where you have n times a number of volumes every time you create a FlexGroup. It’s also really important for these environments that are doing more automation, more container provisioning, more things with NetApp Trident, right? So things where we have to we don’t really have visibility into the volumes being created and those can really pile up over time. And we’ve really seen customers push those with their containerized environments.

00;14;21;28 – 00;14;25;15
Justin Parisi
And I think that’s probably one of the main drivers of the larger volume counts, would you say?

00;14;26;03 – 00;14;44;17
Ken Mencher
Oh, absolutely. FlexGroups have been a big driver of volume count, and the Kubernetes/Trident environments – those guys are generating volumes on a constant basis, and they’ve been really looking to be able to take advantage, full advantage of their platforms and I’m really glad to be able to roll this out to those folks.

00;14;44;17 – 00;15;10;18
Justin Parisi
One of the things that I’ve heard in my day of dealing with FlexGroups is that people want to be able to balance data around in the FlexGroup. That’s been one of – kind of one of the sore spots of FlexGroup volumes and why people maybe would move back to FlexVols. So what have we done in that arena in ONTAP 9.12.1? I know in 9.11, we had a manual rebalance feature where you could move a single file in case you needed to do that. What are we doing in the new release?

00;15;10;29 – 00;15;39;18
Ken Mencher
In 9.12.1, we’ve taken the manual rebalancing and we’ve improved the performance on it and we have made it as an automated process, including integrating it into System Manager. And so you can look at System Manager, you can see the status of your FlexGroup. Is it well-balanced, unbalanced or really unbalanced? And you can set it to automatically relocate files, to rebalance it automatically, and you can just keep your hands off.

00;15;39;25 – 00;15;43;09
Ken Mencher
Not only does it do it automatically, but it also does it nondisruptively.

00;15;43;10 – 00;15;59;14
Justin Parisi
That’s awesome because I mean, the previous release when you did a file move, it was basically disruptive to that file. So now you’re able to do it without taking any outages. That said, I did see across the wire that there was a limitation to files that use VMalign. Is that still applicable here?

00;15;59;24 – 00;16;12;10
Ken Mencher
Yes, there is. And it’s also going to be targeting some of your larger files. There is a minimum size limit that it is going to be looking at. So it’s not going to move all the little files all over the place; it is going to try and move the largest files first.

00;16;12;23 – 00;16;20;14
Justin Parisi
So does it leverage the preexisting File Systems Analytics to kind of figure that stuff out or does it use something else as a back end?

00;16;20;14 – 00;16;28;20
Ken Mencher
It does its own scanner set because it’s looking not only for large files, but also large files that may be clustered in a single constituent.

00;16;28;27 – 00;16;34;28
Justin Parisi
Okay. So it kind of tries to figure out where the hotspots are in a volume and tries to address that.

00;16;35;19 – 00;16;49;22
Ken Mencher
Absolutely. It looks at your FlexGroup as a whole. It attempts to determine where things might have grown as part of your file workload and tries to rebalance it based on size and usage.

00;16;49;22 – 00;16;59;14
Justin Parisi
So is this something that we kick off manually or is it something that ONTAP just says, “Oh wow, this FlexGroup is really unbalanced, I need to fix that”? Or is that something that’s in the future or is that something we can schedule?

00;16;59;14 – 00;17;20;29
Ken Mencher
Currently it is something that you have to kick off either via command line, REST or System Manager. Like I said, System Manager’s got a nice graphical view, a nice table of your volume, and shows you which ones are balanced or not. Or you can do that via CLI, but no, we do not do it automatically. It is something that is a future provision.

00;17;21;04 – 00;17;36;26
Keith Aasen
I’ll throw in. There just is the fact that it’s atomic in nature. And kinda what I mean by that is you can start it in any of those means and then you can stop it and you don’t need the job to finish per se to get the benefits of it. You can let it run for an hour when you have a low utilization period and start it and you’ll gain the benefits of it.

00;17;36;26 – 00;17;41;11
Keith Aasen
Right. It doesn’t have to run to completion to give you any of the benefits that you’re getting from the rebalancing.

00;17;41;14 – 00;17;48;13
Ken Mencher
Oh, yeah, because it’s moving one file at a time. Once that first file has been moved, you’re going to start seeing some rebalance coming back into your FlexGroup.

00;17;48;19 – 00;17;53;29
Justin Parisi
What sort of impact is there to the performance of the system as well as the performance of the FlexGroup when we do this?

00;17;53;29 – 00;18;19;29
Ken Mencher
We spent a lot of time making sure that the actual transfer is fairly low impact. You will see some performance impacts if you’re accessing a file that is currently being moved. But aside from that, the actual migration is fairly low impact. There will be some minor performance impacts accessing files that have been moved. Usually just the initial access where you’re looking for information about the file after that, seamless.

00;18;20;05 – 00;18;26;02
Justin Parisi
I imagine that we’re probably leveraging something like a file clone to get these across to constituents. Is that accurate?

00;18;26;09 – 00;18;31;03
Ken Mencher
It’s actually a SnapMirror technology that allows us to move a single file on demand.

00;18;31;07 – 00;18;35;08
Justin Parisi
Okay. So basically like a SnapMirror restore of a file to another constituent.

00;18;36;08 – 00;18;38;20
Ken Mencher
Correct. It’s essentially a small scale vol move.

00;18;38;23 – 00;19;01;28
Justin Parisi
That actually opens the doors, I think, in the future to a lot of other possibilities for other use cases. Right. So, I mean, it doesn’t necessarily have to be just for FlexGroup volume moving – later on, in the future. We could use it for other things. I guess I can definitely see use cases where doing a file level replication or a file level move is going to be useful, not just in a FlexGroup arena.

00;19;02;06 – 00;19;14;28
Ken Mencher
Oh, absolutely. The ability to control your data on a more granular level is absolutely something that we are focusing on, especially at these FlexGroups and FlexVols with the amount of disks available to grow ever larger.

00;19;15;04 – 00;19;29;00
Justin Parisi
Yeah. And this is something that ONTAP has generally been very good about is building blocks, right? Like taking a feature, creating it and then instead of trying to reinvent the wheel, taking that feature and using it somewhere else because there are lots of different ways you can use a feature.

00;19;29;07 – 00;19;46;27
Ken Mencher
Absolutely. ONTAP has really been a leader in taking what we’ve developed and building on it to enable new features, functionalities, faster feature functionalities. We can roll out a lot of technology really quickly by using what we’ve already built.

00;19;46;27 – 00;19;55;24
Justin Parisi
So that said, I mean, that kind of lends to this idea of flexibility. So, Keith, what’s new in ONTAP 9.12.1 that adds additional flexibility to ONTAP?

00;19;55;26 – 00;20;29;12
Keith Aasen
One of the huge areas for that is this idea of what we call file object multi-protocol. ONTAP never stores things as a file, as a LUN, or an object. We store data and then we layer protocols about how to access that data after the fact. And you know, we did this early days with being able to simultaneously access files both across NFS and SMB, right? Two quite different file systems accessing the same files at rest. So 9.12.1 we’re introducing the same ability but not being able to access those same files at rest, but accessing it via S3 object protocols. So pretty slick stuff there.

00;20;29;15 – 00;20;50;20
Justin Parisi
The reason why that’s such a big deal. So when you’re dealing with NFS and SMB, you’re still dealing with files, right? Files are files. When you’re dealing with object versus files, now you’re dealing with two different ways of consuming data. You have file level, which is more of a part of a file as you’re going through. And then you have object, which is the entire entity at one time.

00;20;51;01 – 00;20;57;29
Justin Parisi
So tell me a little bit more about what we’re doing there, what’s the limitation there and what’s supported, what isn’t?

00;20;58;00 – 00;21;13;08
Keith Aasen
Yeah, like you said, these aren’t just sort of small tweaks. These are radically different protocols. So first off, you know, the idea in a POSIX file system, you’ve got this concept of home directory, directory structure. So first thing we have to do is flatten that out, because in the object world, there are no directories, it’s just buckets.

00;21;13;22 – 00;21;38;09
Keith Aasen
And so we have to flatten that out. And the second angle is you can have duplicate file names, right? But the same file name can exist in two different directories as well. That can’t happen in object. So we have to make sure that every file or every object has a unique ID. So when we flatten the file system out, we actually create object IDs by using that directory structure. That will ensure that we’ve got a unique object ID for every file that exists over on the file side of the house.

00;21;38;09 – 00;22;03;03
Keith Aasen
Then permissions is another whole challenge. In a POSIX file system, you have a very complex set of permissions that some are assigned to a file level, some are inherited. Again, object is very simplistic, right? It’s just access to the bucket and then you kind of have it or you don’t. Then maybe the last element of sort of complexity is, like you said. Files, you can do all sorts of things like append, where that concept doesn’t really exist in the object side. They’re PUTs and GETs.

00;22;03;03 – 00;22;19;20
Keith Aasen
That’s about it. You always write a net-new object. You can version it, but it’s always in that new object. So translating across those two is sort of complex. But ONTAP’s really up to the task more than any other platform out there, because again, we’re storing it as data. We’re not having to do the sort of core level translations.

00;22;19;20 – 00;22;35;23
Keith Aasen
We already sort of translate our raw data into the concept of files. In this case, we can just translate it differently into objects. So it’s much, much easier for ONTAP to do that than another platform that was written for files or written for objects and trying for them to do a full translation to the other protocol.

00;22;35;23 – 00;22;55;24
Justin Parisi
I think that’s a really big deal because not a lot of platforms can do that. It’s very important to be able to have flexibility in how you access your data, especially when you’re in an app environment where your consumers may be doing very different things for the application and, you know, some of them maybe hosting it through S3, some of them maybe trying to access and write files through NFS.

00;22;56;05 – 00;23;09;08
Justin Parisi
Maybe you’re creating the file through NFS and the S3 objects are being consumed by the end users. So having that flexibility is great. It also prevents you from having to move a lot of data around. Now you can just access it all the same data sets.

00;23;09;12 – 00;23;25;06
Keith Aasen
That’s the big one, right? Is there are other platforms that offer this, but by copying the data and I’ve spoken to customers that today have a manual process where they copy and translate that data from one to the other. But it’s a ton of data being moved around. It’s two full copies of the data. This will be a single copy at rest.

00;23;25;06 – 00;23;42;23
Keith Aasen
You know, that translation sort of happens in real time. And the only other caveat that we have at this particular release is today it has to be file data that we present out as objects. But it can’t be the other way around. The data can’t be ingested as an object that we then, you know, layer a file system on top of that. Something that’s actually even more complex for us to do.

00;23;42;23 – 00;24;17;14
Keith Aasen
Yeah, hopefully that will be a feature capability. So today it’s file into object, which is actually the more important one where now we have far more data that’s already onboard systems that’s trapped in file systems. And we have a ton of new applications and services and analytics that want to access that data as objects. And so we can take that data that’s preexisting sitting in NAS shares, SMB or NFS, and point these new applications and services at it using object and extract that value out of the data. Right. And things like object recognition or data analytics or data tagging, all can be done now through object.

00;24;17;14 – 00;24;25;00
Justin Parisi
Are there any other sort of flexibility features that we have in ONTAP in that same vein, right, where we give people more options with the feature that we have today.

00;24;25;03 – 00;25;01;09
Keith Aasen
A little more on the flexibility I think I talked about last time I was on was this concept of SVM mobility, right? The ability to take a Storage Virtual Machine that is running on one cluster. I can move data anywhere around I want inside the cluster, but actually take that SVM in its entirety and move it to another cluster in the same data center, nondisruptively. So I’m not dropping shares, end users are unaware that I’m actually changing which cluster the SVM is running on. In 9.12.1 we’re adding in support for FAS systems. So that’s sort of interesting. Maybe I can move the SVM from FAS up to an AFF cluster if I need more performance, or vice versa, and also adding in support for SMB.

00;25;01;20 – 00;25;19;19
Keith Aasen
SMB doesn’t transfer well. A user connected to SMB share will drop when I cut over that SVM, but the share doesn’t actually go down, so they can immediately reconnect to that mount point. But those are a couple of nice enhancements to further open that use case of shuffling SVMs around in my data center without end users being impacted or having to change anything.

00;25;19;19 – 00;25;25;21
Justin Parisi
Yeah. And that drop is more of a nature of the statefulness of the protocol, and I would imagine that also applies for NFSv4 as well.

00;25;25;21 – 00;25;27;22
Keith Aasen
Right. Any of the stateful protocols. Correct.

00;25;28;01 – 00;25;47;17
Justin Parisi
Speaking of flexibility and the ability to do lots of different things with different features, we have a feature called FlexCache, where you can create a sparse cache that ties to an origin volume. So let’s say your FlexGroup volume or your very large 300 terabyte FlexVol and it doesn’t have to be 300 terabytes. It can be one terabyte, it can be 200 gigs.

00;25;47;17 – 00;25;58;15
Justin Parisi
And basically it’s a way to accelerate it mostly reads, right? Mostly for historically been for reads. ONTAP 9.12.1 brings something else here. I guess this is also public preview?

00;25;58;16 – 00;26;36;02
Ken Mencher
Yeah, FlexCache has been really great at accelerating reads. Unfortunately, the writes have had to kind of take the slow path or the long road all the way back to the origin, or to actually happen. So we’ve really been stressing FlexCache for those environments where you really need to do a lot of reads across a lot of systems, or a remote read, or a remote location. Well, we’re introducing as part of the public previews, something called FlexCache write back, which enables you to write to your local cache and we’ll process it there and then ship it back to the origin later to be integrated into your file system.

00;26;36;07 – 00;26;58;28
Justin Parisi
That’s going to be great, I think for customers that want to do more remote operations, maybe leverage the cloud more. I think the main challenge here is going to be if I write a file to multiple locations, let’s say I had the same database file and I’ve written to multiple caches. How does that file get committed back? Because now we have three different or two different copies of this file.

00;26;58;28 – 00;27;04;27
Justin Parisi
And in our in changes they may all be different. How do we make sure that that gets resolved on the data origin side?

00;27;04;28 – 00;27;29;08
Ken Mencher
Well, we do some synchronization between the caches, via the origin, which basically would work like you would if you were all writing to the same system originally. There’s a synchronization process between them so that as the writes come in, the different caches are communicating with each other and ensuring that there’s no data integrity problems or miscommunications about who’s got which order.

00;27;29;09 – 00;27;33;14
Justin Parisi
So is this done through straight up file locking, saying, “hey, this file’s locked for writes right now”?

00;27;33;19 – 00;27;41;14
Ken Mencher
Correct. And the file locking communicates back through the origin so that there’s no confusion about who has access to the file when.

00;27;42;00 – 00;28;00;20
Justin Parisi
And going back to our building blocks, right. This was a feature – the locking piece for FlexCache – got added, I think in like 9.9 or something? 9.8? Right around that time frame. So we’ve had this concept of file locking across caches in place. It’s kind of like this, this like hidden timebomb of like, “hey, now we’re going to support write back!”

00;28;00;20 – 00;28;07;15
Justin Parisi
And this is what people have really been wanting because, you know, the reads are nice, but ultimately what people want is the ability to do both.

00;28;07;15 – 00;28;10;25
Ken Mencher
Right, and I wouldn’t call it a time bomb. I mean, that’s kind of a negative.

00;28;10;25 – 00;28;14;08
Justin Parisi
And it’s kind of a negative connotation, but it’s exploding with goodness.

00;28;14;27 – 00;28;16;29
Ken Mencher
Absolutely. I would call it –

00;28;17;05 – 00;28;21;06
Justin Parisi
It’s confetti and glitter. It’s like Rip Torn or whatever that guy’s name is.

00;28;21;29 – 00;28;26;29
Ken Mencher
We laid the groundwork to ensure that when we get to this point, we’re in great shape.

00;28;27;08 – 00;28;27;27
Justin Parisi
That’s right!

00;28;27;28 – 00;28;34;12
Keith Aasen
Remember when we were on for 9.11.1, we talked about FlexCache supporting atime updates. Mm. Funny how that suddenly would come up…

00;28;34;12 – 00;28;41;13
Justin Parisi
Why would we do that? And I mean, it’s really these are little clues, these are breadcrumbs for you as customers and end users. Right.

00;28;41;24 – 00;28;47;13
Ken Mencher
We should hold a contest to see if people can guess what we’re coming up with next based on what we’re introducing now.

00;28;47;20 – 00;29;05;16
Justin Parisi
That’s right. We got these little benign features. They may or may not be cool later on. Never know. The glitter bomb might explode later on. One thing that we’ve kind of been asked for a while here and that we haven’t done, I mean, you talk about all these features that we do and that we have added and we build them on to other things.

00;29;05;25 – 00;29;20;06
Justin Parisi
But there’s been one thing that’s been asked for for a while, and I think ultimately people have been disappointed that it hasn’t made it in yet, but now it’s in. So it’s NFS session trunking, right? So this is for v4. Ken, tell me a little bit more about that and what we’ve added.

00;29;20;08 – 00;29;44;14
Ken Mencher
Yeah. NFS session trunking has been something that people have been asking for because it provides a major performance improvement to the environment, really the ability to funnel so many NFS sessions through has just been something that provides a major performance improvement to those systems. You know, we looked at it, and it’s been asked, and we have to give the people what they asked for.

00;29;44;26 – 00;30;04;18
Justin Parisi
Well, I mean, ultimately, what it comes down to is there’s a very large vendor out there that does session trunking and they have been asking for it for a while. And that’s VMware, right, for data stores. And it’s perfect for that use case because when you have a single data store mounted to an NFS mount, you want to have as many streams as possible – without crossing the streams, of course…

00;30;04;18 – 00;30;05;20
Ken Mencher
Never cross the streams.

00;30;05;20 – 00;30;16;23
Justin Parisi
Never cross the streams. So with NFS Session Trunking, tell me about how that is compared to something like – like, is it like a multipathing, or is it more like an nconnect?

00;30;16;26 – 00;30;33;29
Ken Mencher
It is an encapsulation really that gives us the ability to really push the throughput. And basically we’re attaching a really large pipe between us and that VMware system to really enable them to push as much assembled clients together.

00;30;34;03 – 00;30;43;03
Justin Parisi
So is this more of multiple interfaces working together or is this multiple TCP streams on the same interface?

00;30;43;08 – 00;30;52;22
Ken Mencher
This is the ability to connect multiple interfaces together to a really single – really large pipe – that basically has multiple branches coming into it.

00;30;52;24 – 00;31;07;28
Justin Parisi
I guess what I’m getting at here is with nconnect, if I do an NFS mount, I get a number of a TCP sessions and that gives me more performance because I get parallelization of operations. With the session trunking piece, we’re trunking sessions as the name suggests.

00;31;07;28 – 00;31;08;09
Ken Mencher
Yeah.

00;31;08;09 – 00;31;22;15
Justin Parisi
But are we trunking it on the same interface like so if I have a single data LIF, is it going over that single interface or can I take multiple data LIFs and use them in collaboration to create a bigger pipe for that NFS mount?

00;31;22;19 – 00;31;31;13
Ken Mencher
Yes, we’re taking the latter there, but we’re taking the multiple interfaces, the multiple LIFs and being able to just kind of make the client see them as one big pipe.

00;31;31;13 – 00;31;49;11
Justin Parisi
Okay, so that’s good because it’s different overall functionality than nconnect. It’s not redundant and honestly, you know, it doesn’t with nconnect, VMware doesn’t support that right now anyway. As far as I know. So this gives VMware data stores more overall performance and better overall throughput because now you have more resources to offer it.

00;31;49;16 – 00;31;58;12
Ken Mencher
Absolutely. I was not going to name VMware. I mean, you know, they are the big vendor here, but anything can take advantage of NFS session trunking.

00;31;58;22 – 00;32;16;14
Justin Parisi
No, absolutely. Yeah. But they’ve been like the key use case that I’ve heard thrown out the most because we support pNFS. They don’t. Well, they supported session trunking. We didn’t. Now we have kind of met in the middle there and now we both support session trunking. So that really gives customers an option for that particular use case.

00;32;16;14 – 00;32;21;15
Justin Parisi
But you’re right, any application can take advantage of this provided the client supports session trunking.

00;32;22;03 – 00;32;38;14
Ken Mencher
Right. And like you said, for VMware, this gives them the ability to really build out that pipe by using multiple smaller connections and bundle them together so that from their end, it appears to be one giant pipe that they can really push throughput.

00;32;38;21 – 00;32;46;08
Justin Parisi
Can I do this across data LIFs on different nodes in the cluster? Is it going to work that way or is it only on a single node’s data LIFs?

00;32;46;16 – 00;32;49;28
Keith Aasen
Single node. I came across that one in testing.

00;32;49;28 – 00;32;50;13
Ken Mencher
Ah, I missed that one.

00;32;50;13 – 00;32;54;13
Keith Aasen
I came to the rescue. There are as many LIFs as you want, but on a single node.

00;32;54;17 – 00;33;09;22
Justin Parisi
Yeah, that makes sense. I mean, because it is same kind of idea as LACP, right? We can’t have like LACP data across multiple nodes, so you definitely have to keep to a single node mainly because there’s an nBlade there. And we don’t I don’t think we share nBlades yet.

00;33;09;22 – 00;33;15;24
Ken Mencher
Yeah, no data synchronization at that level between nodes is something we don’t have yet.

00;33;16;19 – 00;33;36;04
Justin Parisi
Yet. Building blocks! Anyway. So. Okay, cool. So we got FlexCache write back. We got NFS session trunking. Those are pretty important new features. I think very highly asked for features. Now I think we’ve covered all the major 9.12 aspects here. Is that correct Keith and Ken?

00;33;36;04 – 00;33;38;19
Ken Mencher
I think Keith had one more thing he wanted to talk about.

00;33;38;25 – 00;34;01;05
Keith Aasen
Yeah, I do – it’s sort of tangential to ONTAP 9.12.1, but the timing is amazing. You know, we talked about some of the System Manager things it added in and some of the new enhancements. And System Manager is getting really, really cool from a functionality and operational standpoint. But System Manager of course is meant to manage that one cluster. Well, what happens if I start getting into a much larger ecosystem?

00;34;01;08 – 00;34;21;15
Keith Aasen
So multiple clusters, maybe I’ve got clusters on-prem, as well as in the cloud. Maybe I’ve got, you know, storage data stores outside of ONTAP and I’m moving data between ONTAP and StorageGrid and third party storage. How do I monitor all this in one central location? So by the time that this airs, Justin, the cat will be out of the bag.

00;34;21;15 – 00;34;56;20
Keith Aasen
We’ll be announcing this concept of BlueXP, which is a unified management platform that can manage all this holistically. And so all the goodness we’re putting into System Manager ties into BlueXP so you don’t sacrifice anything from an individual cluster management standpoint, it’s just pulled into it. And the same holds true for things like AIQUM, Unified Manager, that people rely on to manage multiple clusters. That’s getting pulled into this BlueXP as well as things like Cloud Manager that was great for managing ONTAP instances in the cloud.

00;34;56;20 – 00;35;19;05
Keith Aasen
It’s all being centralized into this one unified plane that gives you a central location for a GUI, but also the ability to tie in automation. So a common set of REST APIs that you can do things across cluster/across location and then finally it has a really powerful RBAC engine that allows you to set up RBAC holistically across your ecosystem both on-prem and in the cloud.

00;35;19;06 – 00;35;38;25
Keith Aasen
People can still take their web browser and go directly to System Manager and manage that cluster. That’s not changing. But you can also now optionally go into this BlueXP, which is either in the cloud or on-prem, and then BlueXP will give you a higher level management of your environment, which you can then kick down into System Manager of your individual clusters.

00;35;39;06 – 00;35;45;23
Justin Parisi
So BlueXP is pretty new. Can you kind of give me an idea of what that entails and how people can get a hold of it?

00;35;45;28 – 00;36;02;22
Keith Aasen
Yeah. So by the time this airs, it’ll be available for access and so you can get a hold of it in two choices. As I said, we run it natively as a cloud service and so you can just simply connect into it, set up an instance, tie in your on-prem and cloud instances or just on-prem and be off to the races.

00;36;02;22 – 00;36;19;19
Keith Aasen
And then you don’t need to manage anything. It’s running as a service. Or, if you’re disconnected, you can pull it down, download it, and you stand up a virtual machine and run it on prem. Both instances are fully supported. I can’t remember the exact URL, but I’m sure Justin will post this with the podcast with the URL too.

00;36;20;19 – 00;36;30;10
Justin Parisi
Yeah, well it will include the links. Usually it doesn’t really work very well to read the links off in a podcast format because no one’s sitting there eagerly awaiting the link and writing it down manually…

00;36;30;10 – 00;36;32;06
Keith Aasen
As they’re driving in their car. Exactly.

00;36;33;00 – 00;36;44;02
Justin Parisi
All right. Cool. Sounds like 9.12.1 has got a lot of new, interesting things, some good scalability features, good security features. Any other hidden nuggets in there that we don’t know about other than what you just talked about with System Manager?

00;36;44;08 – 00;36;50;29
Keith Aasen
System Manager dark mode for us night dwellers in dark data centers, we have dark mode for System Manager, which is pretty dang cool.

00;36;51;03 – 00;37;13;25
Justin Parisi
Easy on our eyes. Cool. All right. So as far as finding more information, you know, we’ll definitely go into more detail with some of these features in later podcasts such as the S3 piece. But let’s talk about where to find more information about ONTAP 9.12.1. Are there any Insight sessions people should be looking out for?

00;37;13;25 – 00;37;21;04
Keith Aasen
I do a slightly deeper dive of all the 9.12.1 features in Insight session 1042, so take a look at that one.

00;37;21;09 – 00;37;24;20
Justin Parisi
Ken, did they let you do an Insight session this year or did they ban you for life?

00;37;25;11 – 00;37;31;22
Ken Mencher
Oh, they threatened to ban me for life after I ran way over time on the last one I ran.

00;37;32;01 – 00;37;32;16
Justin Parisi
Talk too much!

00;37;32;16 – 00;37;38;11
Ken Mencher
I do. I do. Also, I kept answering questions.

00;37;38;22 – 00;37;44;18
Justin Parisi
Oh, you, you jerk. So anywhere else we can find more information other than Insight sessions?

00;37;44;24 – 00;37;46;24
Ken Mencher
The NetApp website. NetApp.com.

00;37;47;02 – 00;37;51;12
Justin Parisi
All right. Excellent. Again, Keith, if we want to reach you, how do we do that?

00;37;51;12 – 00;37;57;25
Keith Aasen
keitha@netapp.com and forget that whole “i before e” business that won’t get you anywhere, it’s k-e-i-t-h.

00;37;58;03 – 00;38;02;06
Justin Parisi
It’s the Canadian spelling. And Ken?

00;38;02;12 – 00;38;14;01
Ken Mencher
Don’t have any “i’s” or in my name, unfortunately. Otherwise I have to flip it just to make sure that it’s not Keith style. It’s mencher@netapp.com. m-e-n-c-h-e-r.

00;38;14;02 – 00;38;25;17
Justin Parisi
Keith, Ken, thanks so much for joining us today and talking to us all about the ONTAP 9.12.1 features. Again, like I said, we’ll have additional podcasts on deeper dives into some of these features. So yeah, again, thanks for joining us.

00;38;25;17 – 00;38;55;10
Justin Parisi
All right. That music tells me it’s time to go. If you’d like to get in touch with us, send us an email to podcast@netapp.com or send us a tweet @NetApp. As always, if you’d like to subscribe find us on iTunes, Spotify, Google Play, iHeart Radio, SoundCloud, Stitcher via techontappodcast.com. If you liked the show today, leave us a review. On behalf of the entire Tech ONTAP podcast team, I’d like to thank Keith Aasen and Ken Mencher for joining us today. As always, thanks for listening.

00;38;56;12 – 00;39;26;17
Podcast intro
[Tech ONTAP Podcast outro music]

 
