Behind the Scenes: Episode 79 – Databases and Cloud with Jeff Steiner

Welcome to the Episode 79, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week on the podcast, we invite the database guru himself, Jeff Steiner (@TweetofSteiner) to talk about databases, the cloud as it pertains to ONTAP and SolidFire. We go over a wide array of things as Jeff tells us exactly how he feels about marketing and NVMe, the current shiny object/topic du jour in the storage industry. Jeff pulls no punches.

Jeff Steiner also has a blog at https://words.ofsteiner.com.

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

Taking a look at the new MyAutosupport Dashboard

NetApp has released a new MyAutosupport dashboard to help enhance the value you get out of the tool. The new features focus on predictive analytics, as well as proactive steps to help maintain your ONTAP cluster in an easier to digest format.

Included in the release are:

  • New customer dashboard with capacity and upgrade recommendations
  • New system dashboard with recommendation details
  • Workload tagging for context sensitive recommendations
  • Upgrade recommendations and plans in a few clicks
  • Dynamic and powerful search for your installed base
  • Modern, responsive user interface

The new interface can be found here:

http://mysupport.netapp.com/myautosupport/dist/index.html

What does it look like?

The new dashboard has a simpler look and feel and offers monitoring and historical tracking of system data, as well as predictive analysis.

The following gives an example of how the new MyAutosupport will look and feel:

myasup1.png

The splash page will deliver a way to track usage and consumption, ensure you’re running the recommended ONTAP versions, as well as viewing recent support cases and system risks to see if there needs to be some proactive maintenance done on a system.

Detailed views

In addition to the overall summary, you can click on one of the sections and drill down into a more detailed analysis of your cluster.

myasup2

View capacity forecasts based on data and workload trends, storage efficiency summaries and details about system risks.

Workload tagging

In addition to the predictive analysis and risk assessment, MyAutosupport also offers a way to tag specific volumes in your cluster and associate them with an application workload. Then, MyAutosupport will provide context sensitive proactive recommendations that will enable you get better efficiency, performance, and availability for your applications. You will also receive recommendations for best practices that are specific to your application. MyAutosupport will come pre-populated with specific applications in a drop down box to simplify the procedure.

myasup3.png

Simplified upgrade planning

From MyAutosupport, you can generate upgrade plans to provide a smoother and simpler way to perform non-disruptive upgrades. Just click on the “Upgrade Recommendation” portion of MyAutosupport, select the systems to upgrade, the target version and click Next.

myasup4

Enhanced search functionality

MyAutosupport also allows for better search functionality across systems in your environment. Simply type in a name, site or cluster and the list will populate in real time.

myasup5.png

Don’t like it?

That’s fine! We still have “Classic My Autosupport” for people who hate change.

oldman-myasup.png

myasup.png

 

 

Behind the Scenes: Episode 78 – NetApp Certifications featuring the NetApp A-Team

Welcome to the Episode 78, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week on the podcast, several NetApp A-Team members were in RTP to help create the NetApp NCIE exams that are used to help officially certify storage administrators for ONTAP. We rounded up Ruari McBride (@mcbride_ruairi), Scott Gelb (@scottygelb) and Steven Cortez (@mscproductions) to discuss how a NetApp certification exam gets created and why you’d want to take one.

To find out more about the NCIE, check out the official NetApp page: http://www.netapp.com/us/services-support/university/certification/ncie-san/index.aspx

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

Behind the Scenes: Episode 77 – CTO Predictions 2017 with Dr. Mark Bregman

Welcome to the Episode 77, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week, we welcome NetApp CTO Dr. Mark Bregman (@drmarkbregman) to the podcast to discuss his recent CTO predictions with us and elaborate a bit on where he sees the IT industry shifting. Below is the short list of the predictions. Click here for the slide share. Tune in to the podcast for the details!

  • Prediction 1: Data Is the New Currency
  • Prediction 2: The Cloud as Catalyst and Accelerator
  • Prediction 3: New Technologies Become Standard
  • Prediction 4: A Wider Dynamic Range of Storage and Data Management Technologies Evolves
  • Prediction 5: New Models Take Hold
  • Prediction 6: Consumerization of IT Persists

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

Behind the Scenes: Episode 76 – Customer Chat with Yahoo’s Jeff Mohler

Welcome to the Episode 76, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week on the podcast, we bring in a NetApp customer for a candid chat about how they use NetApp’s portfolio in their environment and what sort of challenges they face in day to day operations. Join us as we talk with Jeff Mohler (https://www.linkedin.com/in/jemohler/), a principal Global Storage Architect at Yahoo and get a feel for how an enterprise customer manages thousands of NetApp systems.

If you’re a NetApp customer and you’re interested in appearing on the podcast to chat about how you’re using NetApp, be sure to shoot us an email to podcast@netapp.com!

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

Behind the Scenes: Episode 75 – NetApp 101

Welcome to the Episode 75, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week, we brought in a couple of NetApp n00bz from SolidFire – Amy Lewis (@CommsNinja) and Mike Turner (@1andOnlyMikeT) to talk about NetApp basics, from our portfolio offerings to our culture. Mike plays the role of interviewer, while Glenn, Andrew and Justin play the role of podcast guests.

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

SMB1 Vulnerabilities: How do they affect NetApp’s Data ONTAP?

Google SMBv1 vulnerability, and you’ll get a ton of hits. There’s a reason for this.

SMB1 is the devil!

waterboy-smb1.jpg

But seriously, there are some major security holes in the protocol.

For a good rundown, check out the new NetApp CIFS/SMB TME Chris Hurley’s blog:

http://averageguyx.blogspot.com/2017/03/smb1-is-baaaaaad.html

This is in addition to the limitations of SMB1, such as lack of resiliency for network loss, lack of durable handles and overall performance and chattiness. There are many good reasons why Microsoft has decided to deprecate SMB1 in favor of newer protocols. SMB owner at Microsoft, Ned Pyle (@NerdPyle), gives a plethora of impassioned reasoning in his TechNet blog “Stop using SMB1!

So, there we are. SMB1 is bad, mmkay?

How does SMB1’s devil status affect NetApp’s ONTAP operating systems?

This question comes up a bit here at NetApp, since security scanners will throw bells, whistles and alarms whenever SMB1 is detected in an environment. What follows is:

  • Does SMB1 in ONTAP have the same vulnerabilities?
  • Can I disable SMB1 in ONTAP?
  • If I can’t disable it, can I block it?

The good news is, the main security vulnerabilities that plague SMB1 in Windows generally don’t affect ONTAP (such as 0-day), because ONTAP isn’t a Windows client. It’s using a proprietary, custom built CIFS/SMB stack (akin to Samba). Thus, the vulnerabilities that impact Windows don’t impact ONTAP.

Note: I can’t take all the credit for the information in this blog. That credit goes to John Lantz (CIFS TME at NetApp), as well as various CIFS/SMB engineering resources here.

Can I disable SMB1 in ONTAP?

While the vulnerabilities don’t necessarily affect ONTAP, the security scanners still are triggering alarms and managers are still wanting the red X’s to go away.

scan

As a result, people want to just turn it off in ONTAP, especially since they aren’t currently using it in their environments (hopefully).

The good news is that ONTAP is in the process of deprecating SMB1. The bad news? It’s still there and there’s no current way to disable it. NetApp is currently working on adding a way to do it. The closest thing we have is the ability to control what SMB version is used with domain controllers for authentication. In systems running ONTAP 7-mode, use the following option to enable SMB2.

cifs.smb2.client.enable

In systems running clustered ONTAP, starting in ONTAP 9.1, you can disable SMB1 connections to the DC, as well as enabling SMB2.

[-smb1-enabled-for-dc-connections {false|true|system-default}] - SMB1 Enabled for DC Connections
 This parameter specifies whether SMB1 is enabled for use with connections to domain controllers. If you do not specify this parameter, the default is system-default.

SMB1 Enabled For DC Connections can be one of the following:
o false - SMB1 is not enabled.
o true - SMB1 is enabled.
o system-default - This sets the option to whatever is the default for the release of Data ONTAP that is running. For this release it is: SMB1 is enabled.

[-smb2-enabled-for-dc-connections {false|true|system-default}] - SMB2 Enabled for DC Connections
 This parameter specifies whether SMB2 is enabled for use with connections to domain controllers. If you do not specify this parameter, the default is system-default.

SMB2 Enabled For DC Connections can be one of the following:
o false - SMB2 is not enabled.
o true - SMB2 is enabled.
o system-default - This sets the option to whatever is the default for the release of Data ONTAP that is running. For this release it is: SMB2 is not enabled.

Use the following command to do that:

cifs security modify -vserver DEMO -smb1-enabled-for-dc-connections false -smb2-enabled-for-dc-connections true

Since I can’t disable it in ONTAP, can I block it?

Technically, you *could* block the SMB1 ports. However, if you block ports that SMB2 also needs (such as 445), you’d be in trouble.

The official recommendation from Microsoft is a combination of disabling SMB1 on clients (you could handle this via Group Policy), as well as blocking ports on *external* facing interfaces. In other words, don’t allow SMB outside of the firewall.

Here’s the official link:

https://technet.microsoft.com/en-us/library/cc766392%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

To disable SMB1 on the client:

https://support.microsoft.com/en-us/kb/2696547

Inside your firewall, you shouldn’t need the following ports, so block away:

  • UDP/137 (NetBIOS name service)
  • UDP/138 (NetBIOS datagram service)
  • TCP/139 (NetBIOS session service)

In some cases, you won’t be able to rid yourself entirely of SMB1. Remember that $30k printer/copier/scanner that you bought 10 years ago that was cool because you could scan directly to a SMB share? Yeah…. that’s probably still using SMB1. Check with your scanner/copier vendor to see if they have any software updates. Otherwise, you may need to disable SMB1 on the copier/scanner, or budget for a new one.

copier

For official NetApp statement on SMB1, check out this TR, starting on page 4:

http://www.netapp.com/us/media/tr-4543.pdf

Behind the Scenes: Episode 74 – Performance 101 with Tony Gaddis

Welcome to the Episode 74, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week, we welcome Mr. Performance, Tony Gaddis (gaddis@netapp.comgaddis@netapp.com) into the studio to give us an ONTAP performance primer. We discuss WAFL, ONTAP performance basics, frequently asked questions and approaches to performance troubleshooting.

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

https://soundcloud.com/techontap_podcast/episode-74-ontap-performance-101-with-tony-gaddis

Behind the Scenes: Episode 73 – SNIA and Technology Trends

bgydxiicqaa1yk7

Welcome to the Episode 73, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

group-4-2016

This week, we invited one of the board members over at the storage industry’s standards organization, the Storage Networking Industry Association (SNIA). Alex McDonald (@alextangent) is a director and vice-chair at SNIA and covers cloud, as well as NFS.

logo

He also happens to be part of the office of the CTO here at NetApp and was kind enough to join us whilst in RTP to chat about SNIA and technology trends. We talk a bit more about NVMe, which we also covered in last week’s podcast.

In addition, I went off on one of my classic tangents. This time, it was regarding Spaceballs, and the concept of “now.”

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to techontappodcast.com.

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

http://www.stitcher.com/podcast/tech-ontap-podcast?refid=stpr

I also recently got asked how to leverage RSS for the podcast. You can do that here:

http://feeds.soundcloud.com/users/soundcloud:users:164421460/sounds.rss

You can listen here:

ONTAP CLI comparison tool

ontapcli

Ever wonder where a command you always used to use went? Or what the new commands in an ONTAP release are? Didn’t want to read every document on the planet to find out?

Well, good news!

NetApp has released a new tool that does ONTAP CLI comparisons between releases on the support site! And you don’t even need a valid NetApp login to see it.

http://mysupport.netapp.com/NOW/products/support/cli-comparison.shtml

This tool takes comparisons of commands between one major release and color codes them to show which have been added, changed or removed.

ontapcli-compare1ontapcli-compare-menu

Once you click on one of the releases, you get a page that has a color-coded legend and a series of drop down boxes that allow you to navigate different levels of the CLI directory structure. Green means “added.” Yellow is “changed.” Red is “removed.”

In addition, the drop down menus allow for quick navigation of the CLI directories. For instance, you can click “vserver” and get all of the sub-commands.

ontapcli-compare2

Once you select one, it takes you to the area of the table that you selected.

ontapcli-compare3.png

That’s it! Pretty simple. If you’re interested in some ONTAP CLI tricks and tips, check out TECH::Become a clustered Data ONTAP CLI Ninja.