Introducing: ONTAP Recipes!

Official NetApp ONTAP recipes blog here:

One of the key initiatives NetApp has had over the course of the past few years is driving the simplicity and ease of use of ONTAP, its flagship storage software. Some of that work is going into the GUIs that run ONTAP, such as:

  • OnCommand System Manager being moved on-box to prevent the need to manage it on external systems, starting in ONTAP 8.3
  • Application provisioning templates for NAS and SAN applications starting in ONTAP 8.3.2 (including Oracle, VMware, Hyper-V, SQL, SAP HANA and others)
  • Performance headroom/capacity in System Manager in ONTAP  9.0
  • Top client/performance visibility in OnCommand System Manager via ONTAP  9.0
  • Intelligent, automatic balanced placement of storage objects when provisioning volumes and LUNs in ONTAP 9.2
  • Simplified cluster setup, ease of management when adding new nodes, automated non-disruptive upgrades starting in ONTAP 8.3.2 and later
  • Unification of OnCommand Performance Manager and Unified Manager into a single OVA in OnCommand 7.2
  • Better overall look and feel of the GUIs

There’s plenty more to tout, but this is a blog about NetApp’s newest way to help storage administrators (and reluctant, de facto storage administrators) manage ONTAP via…

ONTAP Recipes!

If you’ve ever watched a cooking show, the chef will show you the ingredients and how to assemble/mix/prep. Then, into the oven. Within seconds, through the magic of television, the steaming, hot, fully cooked dish is ready to eat. Super easy, right?


What they don’t show you is the slicing, chopping, cutting and dicing of the ingredients. That’s done ahead of time and measured out into little dishes. They also don’t show you the various times you inevitably forget to add an ingredient, or you add too much, or you have to run to the store to pick up something you forgot.

Then, the ultimate lie – they don’t let on that the perfectly cooked meal was prepared well before the show was filmed, waiting in the oven in all its perfection.

And that’s ok! We don’t want to see “how the sausage is made.”

We just want to consume it. And our storage is not that much different.

That’s the idea behind ONTAP recipes – they are intended to be written in an easy to follow order. Easy to read. Easy to consume. The goal is to deliver a new recipe each week. If you have a specific recipe you’d like to see, comment here or on the official NetApp ONTAP recipe page. Happy eating!


Here’s the latest one. The goal was to correspond with MongoDB World in Chicago on June 20-21:

For all the others, go here:


New doc – Top Best Practices for FlexGroup volumes

When I wrote TR-4571: NetApp FlexGroup Volume Best Practices and Implementation Guide, I wanted to keep the document under 50 pages to be more manageable and digestible. 95 pages later, I realized there was so much good information to pass on to people about NetApp FlexGroup volumes that I wasn’t going to be able to condense a TR down effectively.


The TRs have been out for a while now, and I’m seeing that 95 pages might be a bit much for some people. Everyone’s busy! I was getting asked the same general questions about deploying FlexGroup volumes over and over and decided I needed to create a new, shorter best practices document that focused *only* on the most important, most frequently asked general best practices. It’s part TR, part FAQ. It’s more of an addendum, a sort of companion reader to TR-4571. And the best part?


Check it out here:

Ransomware, NetApp and You

The world is a nefarious place. All you have to do is read the latest headlines to see why.

As the use of the Internet has expanded to include things like cloud and the Internet of Things, the number of threats have also expanded. Computer viruses, root kits, spoofing, phishing, spear phishing, denial of service attacks, hacking, Nigerian princes promising a million dollars to your 75 year old mother in law… all of these things are challenges that IT professionals face every day.

One of the nastier security issues out there is something called “ransomware.” It’s exactly what it sounds like – someone gets control of your data via one of the aforementioned ways and encrypts it and holds it ransom, usually for payment in dollars or bitcoin. It’s the Internet version of “Taken” and it often requires someone with a very particular set of skills to combat.


How do you combat ransomware?

There are essentially two ways to combat ransomware:

  1. Threat prevention via securing your networks, authentication and user education.
  2. Restoring from backup (wait. Did we backup???)

NetApp has long been known for its superior Snapshot technology, but with ransomware, it now has a new use case.

If you store your data on NetApp storage and keep a regular cadence of snapshots, you can recover nearly instantaneously from ransomware attacks and be back in business in minutes. Snapshots are readonly, so they can’t be modified by attackers. If someone locks your data up, unlock it by rolling back to happier times, such as when your data was not being held hostage by ransomware.

Matt Watts (@mtjwatts) recently did an excellent job coming up with “10 Good Reasons” for NetApp with regard to ransomware protection. Here is the infographic:


NetApp won’t necessarily prevent ransomware, but they can help get you out of a sticky situation.

In addition to the above, NetApp Security Technical Marketing Engineer Andrae Middleton ( wrote up a Technical Report on Ransomware and NetApp that will be out very soon. You can find that here:

Andrae also has some other useful NetApp security related documentation here:

DS-3846: Security Features in ONTAP 9

TR-4569 Security Hardening Guide for ONTAP 9

We also had Andrae on the Tech ONTAP podcast, along with NetApp A-Team member Jarett Kulm (@jk47theweapon):


9.1RC2 is now available!


9.1RC2 is now available!

That’s right – release candidate now available. If you have concerns over the “RC” designation, allow me to recap what I mentioned in a previous blog post:

RC versions have completed a rigorous set of internal NetApp tests and are are deemed ready for public consumption. Each release candidate would provide bug fixes that eventually lead up to the GA edition. Keep in mind that all release candidates are fully supported by NetApp, even if there is a GA version available. However, while RC is perfectly fine to run in production environments, GA is the recommended version of any ONTAP software release.

For a more official take on it, see the NetApp link:

What’s new in ONTAP 9.1?

At a high level, ONTAP 9.1 brings:

9.1RC2 specifically brings (outside of bug fixes):

  • Support for the DS460C shelves
  • Official support for backup of NAS to cloud via AltaVault (SnapMirror)
  • SMB support for NetApp FlexGroup volumes

Happy upgrading!

For info about ONTAP 9.0, see:

ONTAP 9 RC1 is now available!

ONTAP 9.0 is now generally available (GA)!


Behind the Scenes: Episode 61 – Security and Storage

Welcome to the Episode 61, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”


This week on the podcast, we discuss security in storage systems with the new security TME Andrae Middleton and NetApp A-Team member Jarett Kulm (@JK47theweapon) of High Availability, Inc. We cover security at rest, in-flight, methodologies, ransomware and much more!

Also be sure to check out our podcast on NetApp Volume Encryption.

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

I also recently got asked how to leverage RSS for the podcast. You can do that here:

You can listen here:

ONTAP 9.1 RC1 is now available!

For info about ONTAP 9.0, see:

ONTAP 9 RC1 is now available!

ONTAP 9.0 is now generally available (GA)!

While many of the features of ONTAP 9.1 were announced at Insight 2016 in Las Vegas, the official release of the software wasn’t scheduled until the first week of October, which was the week after the conference.

For Insight Las Vegas highlights, see

Get used to more features being released for ONTAP in the coming years. We’ve sped up the release cycle to get more cool stuff out faster!

But now, ONTAP 9.1 RC1 available!

That’s right – the next major release of ONTAP is now available. If you have concerns over the “RC” designation, allow me to recap what I mentioned in a previous blog post:

RC versions have completed a rigorous set of internal NetApp tests and are are deemed ready for public consumption. Each release candidate would provide bug fixes that eventually lead up to the GA edition. Keep in mind that all release candidates are fully supported by NetApp, even if there is a GA version available. However, while RC is perfectly fine to run in production environments, GA is the recommended version of any ONTAP software release.

For a more official take on it, see the NetApp link:

What’s new in ONTAP 9.1?

At a high level, ONTAP 9.1 brings:

If you have questions about any of the above, leave a comment and I’ll address them in a future blog post.

Happy upgrading!





NetApp FlexGroup: An evolution of NAS


Check out the official NetApp version of this blog on the NetApp Newsroom!

I’ve been the NFS TME at NetApp for 3 years now.

I also cover name services (LDAP, NIS, DNS, etc.) and occasionally answer the stray CIFS/SMB question. I look at NAS as a data utility, not unlike water or electricity in your home. You need it, you love it, but you don’t really think about it too much and it doesn’t really excite you.

However, once I heard that NetApp was creating a brand new distributed file system that could evolve how NAS works, I jumped at the opportunity to be a TME for it. So, now, I am the Technical Marketing Engineer for NFS, Name Services and NetApp FlexGroup (and sometimes CIFS/SMB). How’s that for a job title?

We covered NetApp FlexGroup in the NetApp Tech ONTAP Podcast the week of June 30, but I wanted to write up a blog post to expand upon the topic a little more.

Now that ONTAP 9.1 is available, it was time to update the blog here.

For the official Technical Report, check out TR-4557 – NetApp FlexGroup Technical Overview.

For the best practice guide, see TR-4571 – NetApp FlexGroup Best Practices and Implementation Guide.

Here are a couple videos I did at Insight:

I also had a chance to chat with Enrico Signoretti at Insight:

Data is growing.

It’s no secret… we’re leaving – some may say, left – the days behind where 100TB in a single volume is enough space to accommodate a single file system. Files are getting larger and datasets are increasing. For instance, think about the sheer amount of data that’s needed to keep something like a photo or video repository running. Or a global GPS data structure. Or Electronic Design Automation environments designing the latest computer chipset. Or seismic data analyzing oil and gas locations.

Environments like these require massive amounts of capacity, with billions of files in some cases. Scale-out NAS storage devices are the best way to approach these use cases because of the flexibility, but it’s important to be able to scale the existing architecture in a simple and efficient manner.

For a while, storage systems like ONTAP had a single construct to handle these workloads – the Flexible Volume (or, FlexVol).

FlexVols are great, but…

For most use cases, FlexVols are perfect. They are large enough (up to 100TB) and can handle enough files (up to 2 billion). For NAS workloads, they can do just about anything. But where you start to see issues with the FlexVol is when you start to increase the number of metadata operations in a file system. The FlexVol volume will serialize these operations and won’t use all possible CPU threads for the operations. I think of it like a traffic jam due to lane closures; when a lane is closed, everyone has to merge, causing slowdowns.


When all lanes are open, traffic is free to move normally and concurrently.


Additionally, because a FlexVol volume is tied directly to a physical aggregate and node, your NAS operations are also tied to that single aggregate or node. If you have a 10-node cluster, each with multiple aggregates, you might not be getting the most bang for your buck.

That’s where NetApp FlexGroup comes in.

FlexGroup has been designed to solve multiple issues in large-scale NAS workloads.

  • Capacity – Scales to multiple petabytes
  • High file counts – Hundreds of billions of files
  • Performance – parallelized operations in NAS workloads, across CPUs, nodes, aggregates and constituent member FlexVol volumes
  • Simplicity of deployment – Simple-to-use GUI in System Manager allows fast provisioning of massive capacity
  • Load balancing – Use all your cluster resources for a single namespace

With FlexGroup volumes, NAS workloads can now take advantage of every resource available in a cluster. Even with a single node cluster, a FlexGroup can balance workloads across multiple FlexVol constituents and aggregates.

How does a FlexGroup volume work at a high level?

FlexGroup volumes essentially take the already awesome concept of a FlexVol volume and simply enhances it by stitching together multiple FlexVol member constituents into a single namespace that acts like a single FlexVol to clients and storage administrators.

A FlexGroup volume would roughly look like this from an ONTAP perspective:


Files are not striped, but instead are placed systematically into individual FlexVol member volumes that work together under a single access point. This concept is very similar in function to a multiple FlexVol volume configuration, where volumes are junctioned together to simulate a large bucket.


However, multiple FlexVol volume configurations add complexity via junctions, export policies and manual decisions for volume placement across cluster nodes, as well as needing to re-design applications to point to a filesystem structure that is being defined by the storage rather than by the application.

To a NAS client, a FlexGroup volume would look like a single bucket of storage:


When a client creates a file in a FlexGroup, ONTAP will decide which member FlexVol volume is the best possible container for that write based on a number of things such as capacity across members, throughput, last accessed… Basically, doing all the hard work for you. The idea is to keep the members as balanced as possible without hurting performance predictability at all, and, in fact, increasing performance in some workloads.

The creates can arrive on any node in the cluster. Once the request arrives to the cluster, if ONTAP chooses a member volume that’s different than where the request arrived, a hardlink is created within ONTAP (remote or local, depending on the request) and the create is then passed on to the designated member volume. All of this is transparent to clients.

Reads and writes after a file is created will operate much like they already do in ONTAP FlexVols now; the system will tell the client where the file location is and point that client to that particular member volume. As such, you would see much better gains with initial file ingest versus reads/writes after the files have already been placed.


Why is this better?


When NAS operations can be allocated across multiple FlexVol volumes, we don’t run into the issue of serialization in the system. Instead, we start spreading the workload across multiple file systems (FlexVol volumes) joined together (the FlexGroup volume). And unlike Infinite Volumes, there is no concept of a single FlexVol volume to handle metadata operations – every member volume in a FlexGroup volume is eligible to process metadata operations. As a result, FlexGroup volumes perform better than Infinite Volumes in most cases.

What kind of performance boost are we potentially seeing?

In preliminary testing of a FlexGroup against a single FlexVol, we’ve seen up to 6x the performance. And that was with simple spinning SAS disk. This was the set up used:

  • Single FAS8080 node
  • SAS drives
  • 16 FlexVol member constituents
  • 2 aggregates
  • 8 members per aggregate

The workload used to test the FlexGroup as a software build using Git. In the graph below, we can see that operations such as checkout and clone show the biggest performance boosts, as they take far less time to run to completion on a FlexGroup than on a single FlexVol.


Adding more nodes and members can improve performance. Adding AFF into the mix can help latency. Here’s a similar test comparison with an AFF system. This test used GIT, but did a compile of gcc instead of the Linux source code to give us more files.


In this case, we see similar performance between a single FlexVol and FlexGroup. We do see slightly better performance with multiple FlexVols (junctioned), but doing that creates complexity and doesn’t offer a true single namespace of >100TB.

We also did some recent AFF testing with a GIT workload. This time, the compile was the gcc library, rather than a Linux compile. This gave us more files and folders to work with. The systems used were an AFF8080 (4 nodes) and an A700 (2 nodes).


Simple management

FlexGroup volumes allow storage administrators to deploy multiple petabytes of storage to clients in a single container within a matter of seconds. This provides capacity, as well as similar performance gains you’d see with multiple junctioned FlexVol volumes. (FYI, a junction is essentially just mounting a FlexVol to a FlexVol)

In addition to that, there is compatability out of the gate with OnCommand products. The OnCommand TME Yuvaraju B has created a video showing this, which you can see here:


This section is added after the blog post was already published, as per one of the blog comments. I just simply forgot to mention it. 🙂

In the first release of NetApp FlexGroup, we’ll have access to snapshot functionality. Essentially, this works the same as regular snapshots in ONTAP – it’s done at the FlexVol level and will capture a point in time of the filesystem and lock blocks into place with pointers. I cover general snapshot technology in the blog post Snapshots and Polaroids: Neither Last Forever.

Because a FlexGroup is a collection of member FlexVols, we want to be sure snapshots are captured at the exact same time for filesystem consistency. As such, FlexGroup snapshots are coordinated by ONTAP to be taken at the same time. If a member FlexVol cannot take a snapshot for any reason, the FlexGroup snapshot fails and ONTAP cleans things up.


FlexGroup supports SnapMirror for disaster recovery. This currently replicates up to 32 member volumes per FlexGroup (100 total per cluster) to a DR site. SnapMirror will take a snapshot of all member volumes at once and then do a concurrent transfer of the members to the DR site.

Automatic Incremental Resiliency

Also included in the FlexGroup feature is a new mechanism that seeks out metadata inconsistencies and fixes them when a client requests access, in real time. No outages. No interruptions. The entire FlexGroup remains online while this happens and the clients don’t even notice when a repair takes place. In fact, no one would know if we didn’t trigger a pesky EMS message to ONTAP to ensure a storage administrator knows we fixed something. Pretty underrated new aspect of FlexGroup, if you ask me.

How do you get NetApp FlexGroup?

NetApp FlexGroup is currently available in ONTAP 9.1 for general availability. It can be used by anyone, but should only be used for the specific use cases covered in the FlexGroup TR-4557. I also cover best practices in TR-4571.

In ONTAP 9.1, FlexGroup supports:

  • NFSv3 and SMB 2.x/3.x (RC2 for SMB support; see TR-4571 for feature support)
  • Snapshots
  • SnapMirror
  • Thin Provisioning
  • User and group quota reporting
  • Storage efficiencies (inline deduplication, compression, compaction; post-process deduplication)
  • OnCommand Performance Manager and System Manager support
  • All-flash FAS (incidentally, the *only* all-flash array that currently supports this scale)
  • Sharing SVMs with FlexVols
  • Constituent volume moves

To get more information, please email

What other ONTAP 9 features enhance NetApp FlexGroup volumes?

While FlexGroup as a feature is awesome on its own, there are also a number of ONTAP 9 features added that make a FlexGroup even more attractive, in my opinion.

I cover ONTAP 9 in ONTAP 9 RC1 is now available! but the features I think benefit FlexGroup right out of the gate include:

  • 15 TB SSDs – once we support flash, these will be a perfect fit for FlexGroup
  • Per-aggregate CPs – never bottleneck a node on an over-used aggregate again
  • RAID Triple Erasure Coding (RAID-TEC) – triple parity to add extra protection to your large data sets

Be sure to keep an eye out for more news and information regarding FlexGroup. If you have specific questions, I’ll answer them in the comments section (provided they’re not questions I’m not allowed to answer). 🙂

If you missed the NetApp Insight session I did on FlexGroup volumes, you can find session 60411-2 here:

(Requires a login)

Also, check out my blog on XCP, which I think would be a pretty natural fit for migration off existing NAS systems onto FlexGroup.

Behind the Scenes: Episode 57 – Scale Out Networking in ONTAP

Welcome to the Episode 57, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

This week on the podcast, we invite Juan Mojica (@juan_m_mojica), Product Manager at NetApp, for a technical discussion about scale out networking in ONTAP. We cover IP Spaces, broadcast domains and subnets, as well as some other tidbits to help you understand how the network stack works in your cluster.

We originally had plans for another podcast on a new feature in ONTAP 9.1, but then we found out we couldn’t publish it until the week of Insight. So…. stay tuned! 😉

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

I also recently got asked how to leverage RSS for the podcast. You can do that here:

You can listen here:

What’s the deal with remote I/O in ONTAP?


I’m sure most of you have seen Seinfeld, so be sure to read the title in your head as if Seinfeld is delivering it.

I used a comedian as a starter because this post is about a question that I get asked – a lot – that is kind of a running joke by now.

The set up…

When Clustered Data ONTAP first came out, there was a pretty big kerfuffle (love that word) about the architecture of the OS. After all, wasn’t it just a bunch of 7-Mode systems stitched together with duct tape?

Actually, no.

It’s a complete re-write of the ONTAP operating system, for one. The NAS stack from 7-Mode was gutted and became a new architecture built for clustering.

Then, in 8.1, the SAN concepts in 7-Mode were re-done for clustering.

So, while a clustered Data ONTAP cluster is, at the hardware level, a series of HA pairs stitched together with a 10GB network, the operating system has been turned into essentially what I like to call a storage blade center. Your storage systems span clusters of up to 24 physical hardware nodes, effectively obfuscating the hardware and allowing a single management plane for the entire subsystem.

Every node in a cluster is aware of every other node, as well as every other storage object. If a volume lives on node 1, then node 20 knows about it and where it lives via the concept of a replicated database (RDB).

Additionally, the cluster also has a clustered networking stack, where an IP address or WWPN is presented via a logical interface (a LIF). While SAN LIFs have to stay put and leverage host-side pathing for data locality, NAS LIFs have the ability to migrate across any node and any port in the cluster.

However, volumes are still located on physical disks and owned by physical nodes, even though you can move them around via volume move or vol rehost. LIFs are still located on physical ports and nodes, even though you can move them around and load balance connections on them. This raises the question…

What is the deal with remote I/O in ONTAP?

Since you can have multiple nodes in a cluster and a volume can only exist on one node (well, unless you want to check out FlexGroups), and since data LIFs live on single or aggregated ports on a single node, you are bound to run into scenarios where you end up traversing the backend cluster network for data operations unless you want to take on the headache of ensuring every client mounts to a specific IP address to ensure data locality, or you want to leverage one of the data locality features in NAS, such as pNFS or node referrals on initial connection (available for NFSv4.x and CIFS/SMB). I cover some of the NFS-related data locality features in TR-4067, and CIFS autolocation is covered in TR-4191.

In SAN, we have ALUA to manage that locality (or optimized paths), but even adding an extra layer of protection in the form of protocol locality can’t avoid scenarios where interfaces go down or volumes move around after a TCP connection has been established.

That backend network? Why, it’s a 10GB dedicated network with 2-4 dedicated ports per node. No other data is allowed on the network other than cluster operations. Data I/O traverses the network in a proprietary protocol known as SpinNP, which leverages TCP to guarantee the arrival of packets. And, with the advent of 40GB ethernet and other speedier methods of data transfer, I’d be shocked if we didn’t see that backend network improve over the next 5-10 years. The types of operations that traverse the cluster network include:

  • SpinNP for data/local snapmirror
  • ZAPI calls

That’s pretty much it. It’s a beefy, robust backend network that is *extremely* hard to saturate. You’re more likely to bottleneck somewhere else (like your client) before you overload a cluster network.

So now that we’ve established that remote I/O will likely happen, let’s talk about if that matters…

The punchline


Remote I/O absolutely adds overhead to operations. There’s no technical way around saying it. Suggesting there is no penalty would be dishonest. The amount of penalty, however, varies, depending on protocol. This is especially true when  you consider that NAS operations will leverage a fast path when you localize data.

But the question wasn’t “is there a penalty?” The question is “does it matter?”

I’ll answer with some anecdotal evidence – I spent 5 years in support, working on escalations for clustered Data ONTAP for 3 of those years. I closed thousands of cases over that time period. In that time, I *never* fixed a performance issue by making sure a customer used a local data path.  And believe me, it wasn’t for lack of effort. I *wanted* remote traffic to be the root cause, because that was the easy answer.

Sure, it could help when dealing with really low latency applications, such as Oracle. But in those cases, you architect the solution with data locality in mind. In the other vast majority of scenarios, the “remote I/O” penalty is pretty much irrelevant and causes more hand wringing than necessary.

The design of clustered Data ONTAP was intended to help storage administrators stop worrying about the layout of the data. Let’s start allowing it to do its job!

Behind the Scenes: Episode 46 – FlexGroups!


Welcome to the Episode 46, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.”

This is yet another in the series of episodes for ONTAP 9 month on the podcast.


Be sure to check out the post on FlexGroups here:

FlexGroups: An evolution of NAS

This week, we get to chat about my newest pet project, FlexGroups. In addition to my work on NFS and Name Services, I am picking up this new and exciting NAS enhancement. Look for more information on this blog soon, as well as at Insight!

We brought in the Product Managers for FlexGroups, Sunitha Rao and Shriya Paramkusam, as well as the principal developer on FlexGroups, Richard Jernigan. Richard is a long time NetApp developer who has worked on previous iterations of distributed filesystems in ONTAP.

FlexGroups are a new distributed NAS filesystem, intended to provide up to 20PB of capacity, 400 billion (!) files and automated load balancing to ensure your cluster gets even distribution of load. I’ll be writing up a new blog post soon about them in more detail.

But for now, check out the podcast…

Finding the Podcast

The podcast is all finished and up for listening. You can find it on iTunes or SoundCloud or by going to

Also, if you don’t like using iTunes or SoundCloud, we just added the podcast to Stitcher.

I also recently got asked how to leverage RSS for the podcast. You can do that here:

The official blog is here:

The podcast episode is here: