Sunday, 11 November 2018

NetApp Storage Encryption (NSE) Researches (Specifically with Regards to Upgrading from Clustered ONTAP 8.2.1)

Some NSE (NetApp Storage Encryption) links that may be useful if you’re looking to upgrade a system with NSE disks from 8.2.1 to 9.3. A typical upgrade path would be 8.2.1 -> 8.3.2 -> 9.1 -> 9.3 (the minimum recommended P-releases at the time of writing are 8.3.2P12, 9.1P15, 9.3P8).

How to upgrade Data ONTAP 8.3 (or prior) to 8.3.1 or later that is using NetApp Storage Encryption

NSE: How to upgrade a NSE controller with external key management (KMIP) server to ONTAP 9.3 or later

NetApp IMT
To check your solution is supported with the various ONTAP versions, search for:
Storage Solution = Key Managers

NetApp Hardware Universe
Check your platform supports the version of ONTAP you want to go to.

TR-4074: NetApp Storage Encryption: Preinstallation Requirements and Procedures for SafeNet KeySecure

Setting up Storage Encryption (in 8.2.1)

Managing Storage Encryption (in 8.2.1)

(PDF) Clustered Data ONTAP 8.2 Physical Storage Management Guide (Updated for 8.2.1)
Similar to the above two links but the PDF version. Check from page 74 “Managing Storage Encryption”.

How to configure NSE in clustered Data ONTAP 8.3.1 and later

(GPS) NetApp Storage Encryption NSE

Services Partners: NSE - How to boot NSE when Key Servers are down or unreachable

Other non-NSE Specific Stuff (Upgrade related stuff)

Clustered Data ONTAP 8.3.2 Upgrade and Revert/Downgrade Guide

{EITHER} How to Check Data ONTAP 8.3.2 Upgrade Requirements Using A PowerShell Script

{AND/OR} "Steps for preparing for a major upgrade" ~ pages 32-68

Install Validation Failed. ERROR: LIF sufficiency check failed

ONTAP 9.1 Upgrade and Revert/Downgrade Guide

Upgrading Clustered Data ONTAP 8.3x To ONTAP 9.1 Using Automated Nondisruptive Upgrade Method

Researches on NVE (NetApp Volume Encryption)

I needed to quickly swot up on NetApp Volume Encryption (NVE), hence I compiled a few links I found/thought useful. NVE has been out since late 2016 now. It’s simple (after less than 2 hours swotting, I felt I knew everything I needed to know.) Here are the links with a few notes.
Note: Some of these links require you to have already logged into the relevant website.

(2016.09.26) Behind the Scenes: Episode 59 – NetApp Volume Encryption
NVE is available in ONTAP 9.1
Previously, to encrypt data at rest on ONTAP systems (with NSE), it was an all or nothing deal.
ONTAP 9 introduced the ability to do an on-box key management (for NSE).
With NVE you can encrypt data at a per-volume level.
NVE leverages the AES-NI capabilities on CPU, so there are hardware restrictions.
Supported platforms include:
- FAS 6280 and 6290
- FAS 8xxx
- And all the newest released platforms (A series, FAS9xxx, etc)

ONTAP 9 Documentation Center
Configuring NetApp Volume Encryption
Enabling encryption on a new volume
Starting with ONTAP 9.2, you can enable encryption on a SnapLock volume.
Enabling encryption on an existing volume with the volume encryption conversion start command
Starting with ONTAP 9.3, you can use the volume encryption conversion start command to enable encryption on an existing volume.
Enabling encryption on an existing volume with the volume move start command
(The only method in ONTAP 9.1 and ONTAP 9.2.)

(VIDEO) NetApp Volume Encryption (NVE)
Setting up the key manager. Encrypting an existing volume and creating a new volume.

(2018.01.09) Worry Less in the New Year with NetApp Volume Encryption
Article by Jeff Baxter (Chief Evangelist for NetApp’s ONTAP Software & Systems Group.)

Docs & Knowledgebase > GPS > NetApp Volume Encryption (NVE)
Useful links including:
Services Partners: What are the Licensing details for NetApp Volume Encryption (NVE)?

(PDF Manual) NetApp Encryption Power Guide - ONTAP 9

(PDF Datasheet) NetApp Volume Encryption

Hardware Universe
If you need to check if platform can do NVE.

Technical FAQ - NetApp Volume Encryption
Arguably the most useful document but it is only available to NetApp Personnel and Partners. It answered a specific question I was interested in:
Q: Can my source volume be encrypted and my SnapMirror target be unencrypted, or conversely?
A: Yes. The source volume and destination volume can have different encryption settings.
Note: The published NVE datasheet contains many of details covered in this technical FAQ.

Tuesday, 6 November 2018

Tech Roundup - 6th November 2018

Stuff collated since Tech Roundup - 23rd September 2018. With headings:
Cisco (FlexPod), CompTIA (and Cybersecurity), Flackbox, Industry Commentary, Microsoft, NetApp, Veeam, VMware

Cisco (FlexPod)

FlexPod Datacenter with Cisco ACI Multi-Pod, NetApp MetroCluster IP, and VMware vSphere 6.7 Design Guide

FlexPod Datacenter with Cisco ACI Multi-Pod, NetApp MetroCluster IP, and VMware vSphere 6.7 Deployment Guide

CompTIA (and Cybersecurity)

Cool Jobs: Using Cybersecurity to Protect Nuclear Power Plants

Cybersecurity Careers: Learn More About Penetration Testing

Cybersecurity Certificates, Certifications and Degrees: How to Choose

CASP vs. CISSP: 4 Advantages of CompTIA’s Advanced Cybersecurity Certification


List of VSA Virtual Storage Appliances and SAN Storage Simulators

Industry Commentary

Six Reasons for Multi-Cloud Computing

IBM, Red Hat and Multi-Cloud Management: What It Means for IT Pros


Azure File Sync is now available to the public
*Posted on Tuesday, September 26, 2017



NetApp Cloud API Documentation

Image: NetApp Cloud API Documentation

Cloud Volumes Services

NetApp Kubernetes Service Demo

Azure NetApp Files Demo

NetApp Cloud Volumes Service for AWS Demo

File Storage for AWS is Now Simpler and Faster

Discover How Data Creates Medical Breakthroughs

Transforming Medical Care With Data in the Cloud (Changing the World with Data)

DreamWorks Animation: Creating at the Speed of Imagination

Building Big Data Analytics Application on AWS with NetApp Cloud Volumes

Scaling Oracle Databases in the Cloud with NetApp Cloud Volumes

NetApp Cloud Volumes as a Persistent Storage Solution for Containers

New TRs

New NVAs (NetApp Verified Architectures)

VMware Private Cloud on NetApp HCI: NVA Design

Red Hat OpenShift Container Platform with NetApp HCI: NVA Design
Red Hat OpenShift Container Platform
The Easy Button for Delivering Better Experiences. Faster. With NetApp and Red Hat.

New Posts by Justin Parisi

New on Tech ONTAP Podcast (hosted by Justin Parisi)

New on ThePub

October 2: My Name is Rocky

New on


Veeam Backup & Replication: Quick Migration


Introducing Project Dimension

VMworld 2018: We’re Rethinking the Limits of Innovation

Taking Innovation to New and Unexpected Levels at VMworld 2018

What’s New in vSAN6.7 Update 1

What’s New in vRealize Operations 7.0

Building on the Success of Workspace ONE

Solution Brief: SD-WAN Simplified

Thursday, 4 October 2018

SSH Plus for Windows (SSH.exe with Password Functionality)

Carrying on from How to Pass a Password (and Enter press) to a Prompt in Powershell, I wrote this little module that I call ‘SSH Plus for Windows’. Copy and paste the script below into a text editor, and save as say SSH_PLUS.psm1. Then to use it, follow the example below:

PS> import-module C:\SCRIPTS\SSH_PLUS.psm1
PS> SSHplus-pass
Password: *********
PS> ssh+ admin@ node show local

The function SSHplus-pass supplies a password (which is stored in a global variable for as long as the PowerShell window stays open). There are also functions SSHplus-path which allows setting a path for the temporary PS1 file we create, and SSHplus-timeout which allows you to tune the timeout from the default 4 seconds. Instead of Windows SSH.exe (or SSH), run SSH+ - simples!

Note 1: If you’ve never connected to the host before, you will need to cache the SSL key. Use ssh.exe for this.
Note 2: If nothing’s happening, could be that ssh.exe / rssh.exe is still running in the background, kill that and all should be good again.

Image: SSH+ in action (ignore the warning about verbs)

The Script / Module

## SSHplus ##

Function SSHplus-pass{
  If(!$Password){$Global:SecPW = Read-Host "Password" -AsSecureString}
  Else{$Global:SecPW = $Password | ConvertTo-SecureString -AsPlainText -Force}

Function SSHplus-path{
  If(!$TempFolderPath){$TempFolderPath = Read-Host "Path for SSHplus Temp File"}
  If(!(Test-Path ($TempFolderPath))){"Invalid path!";RETURN}
  $Global:TmpFolderPath = $TempFolderPath

Function SSHplus-timeout{Param([Int]$Global:SSHtimeout = 4)}

Function SSH+{
  If(!$Global:SecPW){"Use SSHplus-pass to enter password.";RETURN}
  If(!$Global:TmpFolderPath){$Global:TmpFolderPath = $Pwd}
  [String]$TempFilePath = Join-Path $Global:TmpFolderPath "SSH+_Temp.ps1"
  "TEST" | Set-Content $TempFilePath
  If(!(Test-Path $TempFilePath)){
    [String]("Cannot write to " + $Global:TmpFolderPath + ". Use SSHplus-path to enter path of SSH+ Temp File.")
  If(!$Global:SSHtimeout){$Global:SSHtimeout = 4}
  # ARGs are expected as: ssh+ user@host command ...
  [String]$UserAtDest = $Args[0]
  [String]$Dest = ($Args[0].Split("@"))[0]
  $Args[0] = ""
  [String]$Command = ""
  $Args | Foreach{ $Command += ($_ + " ") }
  $Command = $Command.Trim(" ")
  $Window = (Get-Host).UI.RawUI
  $resize = $Window.BufferSize
  $resize.Height = 9999
  $resize.Width = 9999
  $Window.BufferSize = $resize
  $host.ui.RawUI.WindowTitle = "Windows PowerShell w SSH+"
  $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Global:SecPW)
  [String]$CTPW = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
  ## CREATE THE TEMP PS FILE (this PS1 activates after the SSH command) ##
  If(Test-Path $TempFilePath){Remove-Item -Path $TempFilePath}
  [System.Array]$Temp = @()
  $Temp += ('Sleep ' + "$Global:SSHtimeout")
  $Temp += ('$wshell = New-Object -ComObject')
  $Temp += ('$wshell.AppActivate("Windows PowerShell w SSH+")')
  $Temp += ('$wshell.SendKeys("' + $CTPW + '")')
  $Temp += ('$wshell.SendKeys("~")')
  $Temp += ('Remove-Item -path "' + $TempFilePath + '"')
  $Temp | Set-Content $TempFilePath
  ## ACTIVATE SSH+_Temp.ps1 ##
  start powershell.exe '.\SSH+_Temp.ps1' -WorkingDirectory $Global:TmpFolderPath
  ssh.exe $UserAtDest $Command

Sunday, 23 September 2018

Tech Roundup - 23rd September 2018

Stuff collated since Tech Roundup - 31st August 2018. With headings:
AWS, IBM, Industry Commentary, Lenovo, Microsoft, NetApp, Tech ONTAP Podcast, NetApp TRs, Security, Virtualization


Elevate Your Cloud Skills Ebook


NetApp ONTAP Select on IBM Cloud

IBM Cloud and NetApp Deliver ONTAP Select Monthly

Industry Commentary

In multi-cloud muddle, vendors must partner for greater good:


Lenovo and NetApp Form Global Strategic Partnership to Accelerate Customers’ Digital Transformation

Lenovo and NetApp Form Global Strategic Partnership to Accelerate Customers’ Digital Transformation


A few Excel hints and tips:

Creating Worksheets with a Macro


Reading ZIP file contents without extraction using PowerShell

How to Protect/Unprotect all Worksheets with VBA in Microsoft Excel 2010

How to reduce a huge excel file


A New Take on Scale-Out Storage Expansion for NetApp HCI and SolidFire

Image: NetApp H610S

NetApp wants to make hybrid HCI Amazon-easy

What the Heck is VMware Private Cloud with NetApp HCI, Anyway?

Accelerate Your Journey to AI with Data

NetApp and NVIDIA Supercharge Deep Learning with New AI Architecture
Accelerate Your Journey to AI with NetApp and NVIDIA
Jim McHugh, NVIDIA and Octavian Tanase, NetApp | Accelerate Your Journey to AI

How Machine Learning Can Improve Quality Test Engineering

Snapshots Deep Dive: AWS Snapshots and Azure Snapshots

NetApp Cloud WORM: Enhancing Data Protection with Locking Features

Element Software Simulator: Try Before You Buy, Use Your Test APIs

NetApp Tech ONTAP Podcast

Episode 157: Performance Analysis Using OnCommand Unified Manager

Episode 156: SnapCenter 4.1

Episode 155: Trident 18.07 and… Goodbye Sully?

NetApp TRs

TR-4716: NetApp Solutions for Hadoop: Reference Architecture: Hortonworks

TR-4715: NetApp In-Place Analytics Module: Joint Reference Architecture

TR-4714: Best Practice Guide for SQL Server Using NetApp SnapCenter



ESXi on Arm? Yes, ESXi on Arm. VMware teases bare-metal hypervisor for 64-bit Arm servers