With the ever prevalent threats that span today’s landscape, NetApp continues to derive and provide security solutions across the portfolio. Links to security resources are found below. As always, stay tuned because just like the threat landscape, these resources are ever changing and being updated!
Products and Solutions
The product and solutions resources provide guidance, recommendations, and best practices with regard to security elements and configurations amongst the NetApp portfolio.
ONTAP 9 Security Datasheet - The ONTAP 9 Security Datasheet provides a comprehensive list of security features and functions available in ONTAP 9 - So if the question is, “what are all the security features/functions in ONTAP 9?”, This is your resource!
Security Hardening Guide for NetApp ONTAP 9 - We humbly refer to the Security Hardening Guide for NetApp ONTAP 9 as your key resource when it comes to answering the question, “how do I deploy ONTAP 9 in the most secure fashion?”. The hardening guide provides the recommended commands and configs necessary to enable ONTAP 9 in the most secure configuration.
- When it comes to understanding the configuration and management details of NSE and NVE, including deployment, certificates, onboard key management and more, the Power Guide is the key resource!
ONTAP 9 Network Management Guide - While this guide provides vast elements surrounding ONTAP networking (IPv4, v6, IPSpaces, and more), it also captures some key security elements such as managing SVMs, protocol restrictions and firewall configuration in addition to control plane elements such as DNS, SNMP, FIPS configuration, and MTU details. The Network Management Guide also shows list of ports used in ONTAP, also listed in the hardening guide.
- You can enable login accounts for ONTAP cluster administrators and storage virtual machine (SVM) administrators. You can also use role-based access control (RBAC) to define the capabilities of administrators.
- How to configure NFS Kerberos support in ONTAP for Active Directory and Red Hat Enterprise Linux (RHEL) clients.
- Lightweight Directory Access Protocol (LDAP) configuration as a method for UNIX identity management and name mapping for multiprotocol NAS access in ONTAP.
DS-3898: NetApp Storage Encryption and NetApp Volume Encryption - When it comes to encryption at rest there are many questions about the capabilities. The NSE and NVE Datasheet seeks to quell such questions by providing a comprehensive understanding of what NSE is, what NVE is, use cases, and how they can be leveraged individually or together for a true dual/double encryption solution.
NetApp Storage Encryption Datasheet - The NSE Datasheet provides a holistic overview of the NSE solution and use cases. If you have ever wondered what NSE is, what we mean by self encrypting drives, or what encryption algorithm is in use, this is the resource for you!
NetApp Volume Encryption Datasheet - The NVE Datasheet provides a holistic overview of the NVE solution and use cases. If you have ever wondered what NVE is, or what encryption algorithm it uses, this is the resource for you!
- Ver 1, Rel 1 of the NetApp ONTAP DSC 9.x STIG has been posted to the Security Technical Implementation Guides (STIGs) Document Library.
Threat resources consist of guidance to address known threats through a combination of prevention, mitigation, and remediation.
The NetApp Solution for Ransomware - Ransomware wages war on every environment. Being the custodians of one of the world’s most valuable resources (data/information), it’s imperative that we protect it. When it comes to ransomware, this is your guide to addressing and remediating the threat.
NetApp and Varonis ransomware white paper - As a companion to the NetApp Solution for Ransomware, we have partnered with Varonis in addressing the advanced techniques around this threat. We have discussed and captured the solution in this joint white paper.
Integration and Solutions Guides
As we continue to tout the key elements of security including key management, we understand the challenges and value of timeliness as it applies to adoption and deployment. Due to such challenges we provide integration guides where we walk through the configuration/provisioning of “key” elements such as key managers, FPolicy, and other security laden integration solutions.
NetApp ONTAP 9 External Key Management: Vormetric Key Management Integration Guide - The Vormetric integration guide for ONTAP 9 depicts how to provision the Vormetric (Thales) key manager for use with ONTAP 9.
Compliance continues to evolve and shape the manner in which we address the organization’s of today and more importantly how we address securing the data. Remember Security does not equal Compliance, but security does in fact aid in addressing the challenge.