Saturday, 17 November 2018

NetApp HCI: Some Notes, References and Links

I’ve not posted anything about NetApp HCI since July 2017 (my first and only dedicated post), so about time to update!
Note: The below is correct at time of writing (mid-November 2018)

NetApp HCI Installation Workbook
This is something a customer will be sent prior to a NetApp/Partner Professional Services installation engagement. Essentially it is to make sure the environment and required information (network switches, DNS, NTP, IP address, VLANs, etcetera...) is ready prior to the PS Engineer arriving on site.

NetApp HCI Core Software
The HCI software is pre-loaded on the nodes, but if they shipped on a previous version and you want the latest, or perhaps you’re testing and want to blat it to start anew:
From the above you can download:
Software download for NetApp HCI compute node:
Software download for NetApp HCI storage nodes, Element OS:
Software download for NetApp HCI management node:

(Other) NetApp HCI Software

NetApp HCI Documentation
Key documents:

NetApp Interoperability Matrix Tool
Solution Search > Converged Infrastructure > NetApp HCI
Briefly - supported includes:
- VMware ESXi 6.0 U3 / 6.5 U1 / 6.5 U2 / 6.7
- Element OS 10.0 / 10.1 / 10.2 / 10.3 / 10.4
*See VMware HCL for all Guest OSes that are supported.

Blogs on NetApp HCI
NetApp HCI: It’s So Easy, It’s Almost Anti-Climactic
HCI - Hero from Day Zero
NetApp HCI: The first installation. The force awakens (and it glows)
NetApp HCI: Your Biggest Questions Answered

NetApp HCI YouTube Videos

NetApp TRs and NVAs
General Technical Reports:
Solution Specific Technical Reports and NetApp Verified Architectures

Image: After racking, cabling, and powering, just this left to do (from the ISI)

Additionally, if you’re NetApp/Partner, a few extra resources:
1) Check out the ‘NetApp HCI Product Page’
This includes additional brainshark videos:
Also a Technical Presentation and ‘POC/Test Plan’
2) The HCI PS Experts Team Sharepoint page:
Here you will find the HCI_Installation_Workbook_v2.1.xlsm amongst other things.

Sunday, 11 November 2018

NetApp Storage Encryption (NSE) Researches (Specifically with Regards to Upgrading from Clustered ONTAP 8.2.1)

Some NSE (NetApp Storage Encryption) links that may be useful if you’re looking to upgrade a system with NSE disks from 8.2.1 to 9.3. A typical upgrade path would be 8.2.1 -> 8.3.2 -> 9.1 -> 9.3 (the minimum recommended P-releases at the time of writing are 8.3.2P12, 9.1P15, 9.3P8).

How to upgrade Data ONTAP 8.3 (or prior) to 8.3.1 or later that is using NetApp Storage Encryption

NSE: How to upgrade a NSE controller with external key management (KMIP) server to ONTAP 9.3 or later

NetApp IMT
To check your solution is supported with the various ONTAP versions, search for:
Storage Solution = Key Managers

NetApp Hardware Universe
Check your platform supports the version of ONTAP you want to go to.

TR-4074: NetApp Storage Encryption: Preinstallation Requirements and Procedures for SafeNet KeySecure

Setting up Storage Encryption (in 8.2.1)

Managing Storage Encryption (in 8.2.1)

(PDF) Clustered Data ONTAP 8.2 Physical Storage Management Guide (Updated for 8.2.1)
Similar to the above two links but the PDF version. Check from page 74 “Managing Storage Encryption”.

How to configure NSE in clustered Data ONTAP 8.3.1 and later

(GPS) NetApp Storage Encryption NSE

Services Partners: NSE - How to boot NSE when Key Servers are down or unreachable

Other non-NSE Specific Stuff (Upgrade related stuff)

Clustered Data ONTAP 8.3.2 Upgrade and Revert/Downgrade Guide

{EITHER} How to Check Data ONTAP 8.3.2 Upgrade Requirements Using A PowerShell Script

{AND/OR} "Steps for preparing for a major upgrade" ~ pages 32-68

Install Validation Failed. ERROR: LIF sufficiency check failed

ONTAP 9.1 Upgrade and Revert/Downgrade Guide

Upgrading Clustered Data ONTAP 8.3x To ONTAP 9.1 Using Automated Nondisruptive Upgrade Method

Researches on NVE (NetApp Volume Encryption)

I needed to quickly swot up on NetApp Volume Encryption (NVE), hence I compiled a few links I found/thought useful. NVE has been out since late 2016 now. It’s simple (after less than 2 hours swotting, I felt I knew everything I needed to know.) Here are the links with a few notes.
Note: Some of these links require you to have already logged into the relevant website.

(2016.09.26) Behind the Scenes: Episode 59 – NetApp Volume Encryption
NVE is available in ONTAP 9.1
Previously, to encrypt data at rest on ONTAP systems (with NSE), it was an all or nothing deal.
ONTAP 9 introduced the ability to do an on-box key management (for NSE).
With NVE you can encrypt data at a per-volume level.
NVE leverages the AES-NI capabilities on CPU, so there are hardware restrictions.
Supported platforms include:
- FAS 6280 and 6290
- FAS 8xxx
- And all the newest released platforms (A series, FAS9xxx, etc)

ONTAP 9 Documentation Center
Configuring NetApp Volume Encryption
Enabling encryption on a new volume
Starting with ONTAP 9.2, you can enable encryption on a SnapLock volume.
Enabling encryption on an existing volume with the volume encryption conversion start command
Starting with ONTAP 9.3, you can use the volume encryption conversion start command to enable encryption on an existing volume.
Enabling encryption on an existing volume with the volume move start command
(The only method in ONTAP 9.1 and ONTAP 9.2.)

(VIDEO) NetApp Volume Encryption (NVE)
Setting up the key manager. Encrypting an existing volume and creating a new volume.

(2018.01.09) Worry Less in the New Year with NetApp Volume Encryption
Article by Jeff Baxter (Chief Evangelist for NetApp’s ONTAP Software & Systems Group.)

Docs & Knowledgebase > GPS > NetApp Volume Encryption (NVE)
Useful links including:
Services Partners: What are the Licensing details for NetApp Volume Encryption (NVE)?

(PDF Manual) NetApp Encryption Power Guide - ONTAP 9

(PDF Datasheet) NetApp Volume Encryption

Hardware Universe
If you need to check if platform can do NVE.

Technical FAQ - NetApp Volume Encryption
Arguably the most useful document but it is only available to NetApp Personnel and Partners. It answered a specific question I was interested in:
Q: Can my source volume be encrypted and my SnapMirror target be unencrypted, or conversely?
A: Yes. The source volume and destination volume can have different encryption settings.
Note: The published NVE datasheet contains many of the details covered in this technical FAQ.

Tuesday, 6 November 2018

Tech Roundup - 6th November 2018

Stuff collated since Tech Roundup - 23rd September 2018. With headings:
Cisco (FlexPod), CompTIA (and Cybersecurity), Flackbox, Industry Commentary, Microsoft, NetApp, Veeam, VMware

Cisco (FlexPod)

FlexPod Datacenter with Cisco ACI Multi-Pod, NetApp MetroCluster IP, and VMware vSphere 6.7 Design Guide

FlexPod Datacenter with Cisco ACI Multi-Pod, NetApp MetroCluster IP, and VMware vSphere 6.7 Deployment Guide

CompTIA (and Cybersecurity)

Cool Jobs: Using Cybersecurity to Protect Nuclear Power Plants

Cybersecurity Careers: Learn More About Penetration Testing

Cybersecurity Certificates, Certifications and Degrees: How to Choose

CASP vs. CISSP: 4 Advantages of CompTIA’s Advanced Cybersecurity Certification


List of VSA Virtual Storage Appliances and SAN Storage Simulators

Industry Commentary

Six Reasons for Multi-Cloud Computing

IBM, Red Hat and Multi-Cloud Management: What It Means for IT Pros


Azure File Sync is now available to the public
*Posted on Tuesday, September 26, 2017



NetApp Cloud API Documentation

Image: NetApp Cloud API Documentation

Cloud Volumes Services

NetApp Kubernetes Service Demo

Azure NetApp Files Demo

NetApp Cloud Volumes Service for AWS Demo

File Storage for AWS is Now Simpler and Faster

Discover How Data Creates Medical Breakthroughs

Transforming Medical Care With Data in the Cloud (Changing the World with Data)

DreamWorks Animation: Creating at the Speed of Imagination

Building Big Data Analytics Application on AWS with NetApp Cloud Volumes

Scaling Oracle Databases in the Cloud with NetApp Cloud Volumes

NetApp Cloud Volumes as a Persistent Storage Solution for Containers

New TRs

New NVAs (NetApp Verified Architectures)

VMware Private Cloud on NetApp HCI: NVA Design

Red Hat OpenShift Container Platform with NetApp HCI: NVA Design
Red Hat OpenShift Container Platform
The Easy Button for Delivering Better Experiences. Faster. With NetApp and Red Hat.

New Posts by Justin Parisi

New on Tech ONTAP Podcast (hosted by Justin Parisi)

New on ThePub

October 2: My Name is Rocky

New on


Veeam Backup & Replication: Quick Migration


Introducing Project Dimension

VMworld 2018: We’re Rethinking the Limits of Innovation

Taking Innovation to New and Unexpected Levels at VMworld 2018

What’s New in vSAN6.7 Update 1

What’s New in vRealize Operations 7.0

Building on the Success of Workspace ONE

Solution Brief: SD-WAN Simplified

Thursday, 4 October 2018

SSH Plus for Windows (SSH.exe with Password Functionality)

Carrying on from How to Pass a Password (and Enter press) to a Prompt in Powershell, I wrote this little module that I call ‘SSH Plus for Windows’. Copy and paste the script below into a text editor, and save as say SSH_PLUS.psm1. Then to use it, follow the example below:

PS> import-module C:\SCRIPTS\SSH_PLUS.psm1
PS> SSHplus-pass
Password: *********
PS> ssh+ admin@ node show local

The function SSHplus-pass supplies a password (which is stored in a global variable for as long as the PowerShell window stays open). There are also functions SSHplus-path which allows setting a path for the temporary PS1 file we create, and SSHplus-timeout which allows you to tune the timeout from the default 4 seconds. Instead of Windows SSH.exe (or SSH), run SSH+ - simples!

Note 1: If you’ve never connected to the host before, you will need to cache the host’s SSH key. Use ssh.exe for this.
Note 2: If nothing’s happening, could be that ssh.exe / rssh.exe is still running in the background, kill that and all should be good again.

Image: SSH+ in action (ignore the warning about verbs)

The Script / Module

## SSHplus ##

Function SSHplus-pass{
  # Prompt for the password (or accept it as an argument) and keep it as a SecureString for this session
  Param([String]$Password)
  If(!$Password){$Global:SecPW = Read-Host "Password" -AsSecureString}
  Else{$Global:SecPW = $Password | ConvertTo-SecureString -AsPlainText -Force}
}

Function SSHplus-path{
  # Set the folder in which the temporary PS1 file is created
  Param([String]$TempFolderPath)
  If(!$TempFolderPath){$TempFolderPath = Read-Host "Path for SSHplus Temp File"}
  If(!(Test-Path ($TempFolderPath))){"Invalid path!";RETURN}
  $Global:TmpFolderPath = $TempFolderPath
}

Function SSHplus-timeout{
  # Seconds to wait before the password is typed (default 4)
  Param([Int]$Timeout = 4)
  $Global:SSHtimeout = $Timeout
}

Function SSH+{
  If(!$Global:SecPW){"Use SSHplus-pass to enter password.";RETURN}
  If(!$Global:TmpFolderPath){$Global:TmpFolderPath = $Pwd}
  [String]$TempFilePath = Join-Path $Global:TmpFolderPath "SSH+_Temp.ps1"
  # Check that the temp folder is writable before going any further
  "TEST" | Set-Content $TempFilePath
  If(!(Test-Path $TempFilePath)){
    [String]("Cannot write to " + $Global:TmpFolderPath + ". Use SSHplus-path to enter path of SSH+ Temp File.")
    RETURN
  }
  If(!$Global:SSHtimeout){$Global:SSHtimeout = 4}
  # ARGs are expected as: ssh+ user@host command ...
  [String]$UserAtDest = $Args[0]
  [String]$Dest = ($Args[0].Split("@"))[1]  # host part (not used further)
  $Args[0] = ""
  [String]$Command = ""
  $Args | Foreach{ $Command += ($_ + " ") }
  $Command = $Command.Trim(" ")
  # Enlarge the buffer and set a known window title so AppActivate can find this window
  $Window = (Get-Host).UI.RawUI
  $resize = $Window.BufferSize
  $resize.Height = 9999
  $resize.Width = 9999
  $Window.BufferSize = $resize
  $host.ui.RawUI.WindowTitle = "Windows PowerShell w SSH+"
  # Convert the SecureString back to clear text for SendKeys, then zero the unmanaged copy
  $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Global:SecPW)
  [String]$CTPW = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
  [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
  ## CREATE THE TEMP PS FILE (this PS1 activates after the SSH command) ##
  # Note: the temp file holds the password in clear text until the spawned script deletes it
  If(Test-Path $TempFilePath){Remove-Item -Path $TempFilePath}
  [System.Array]$Temp = @()
  $Temp += ('Sleep ' + "$Global:SSHtimeout")
  $Temp += ('$wshell = New-Object -ComObject wscript.shell')
  $Temp += ('$wshell.AppActivate("Windows PowerShell w SSH+")')
  $Temp += ('$wshell.SendKeys("' + $CTPW + '")')
  $Temp += ('$wshell.SendKeys("~")')
  $Temp += ('Remove-Item -path "' + $TempFilePath + '"')
  $Temp | Set-Content $TempFilePath
  ## ACTIVATE SSH+_Temp.ps1 ##
  start powershell.exe '.\SSH+_Temp.ps1' -WorkingDirectory $Global:TmpFolderPath
  ssh.exe $UserAtDest $Command
}
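
The temp script embeds the password inside a double-quoted SendKeys string, so a password containing SendKeys control characters (+ ^ % ~ ( ) { } [ ]) or PowerShell quoting characters (" $ `) is typed wrongly or breaks the generated script. The following is an added example, not part of the original module, showing one way to build the same temp script lines with both layers escaped; the function names, the sample password and the sample script path are constructed for illustration.

```powershell
# Added example: names below are hypothetical and not part of SSH_PLUS.psm1.

Function ConvertTo-SendKeysLiteral {
  Param([Parameter(Mandatory)][String]$Text)
  # SendKeys treats + ^ % ~ ( ) { } [ ] as control characters; wrapping each
  # one in braces makes it a literal keystroke. One pass, so added braces
  # are not escaped again.
  $Text -replace '[+^%~(){}\[\]]', '{$0}'
}

Function ConvertTo-PSLiteral {
  Param([Parameter(Mandatory)][String]$Text)
  # Single-quoted literal: no variable expansion, embedded quotes doubled.
  "'" + [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Text) + "'"
}

Function New-SendKeysScript {
  Param(
    [Parameter(Mandatory)][String]$PlainText,
    [Parameter(Mandatory)][String]$WindowTitle,
    [Parameter(Mandatory)][String]$ScriptPath,
    [Int]$DelaySeconds = 4
  )
  $Keys = ConvertTo-SendKeysLiteral $PlainText
  @(
    "Start-Sleep -Seconds $DelaySeconds"
    '$wshell = New-Object -ComObject wscript.shell'
    '$null = $wshell.AppActivate(' + (ConvertTo-PSLiteral $WindowTitle) + ')'
    '$wshell.SendKeys(' + (ConvertTo-PSLiteral $Keys) + ')'
    '$wshell.SendKeys("~")   # Enter'
    'Remove-Item -LiteralPath ' + (ConvertTo-PSLiteral $ScriptPath)
  )
}

# Constructed sample: a password with SendKeys and PowerShell metacharacters.
$Sample = 'P@ss+w{or}d''$x"~'
$Lines  = New-SendKeysScript -PlainText $Sample `
            -WindowTitle 'Windows PowerShell w SSH+' `
            -ScriptPath 'C:\SCRIPTS\SSH+_Temp.ps1'

# Parse (do not run) the generated script to confirm the quoting is well-formed.
$Errors = $null
$null = [System.Management.Automation.Language.Parser]::ParseInput(
          ($Lines -join "`n"), [ref]$null, [ref]$Errors)
$Lines
"Parse errors: $($Errors.Count)"
```

The password still reaches disk in clear text in this form, exactly as in the module above; the change only makes the typed keystrokes match the password and keeps the generated file syntactically valid.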