Information and Region
NetApp takes the security of customer information very seriously. Here is how and where Cloud Insights stores your information.
What information does Cloud Insights store?
Cloud Insights stores the following information:
Performance data is time-series data providing information about the performance of the monitored device/source. This includes, for example, the number of IOs delivered by a storage system, the throughput of a Fibre Channel port, the number of pages delivered by a web server, the response time of a database, and more.
Inventory data consists of metadata describing the monitored device/source and how it is configured. This includes, for example, hardware and software versions installed, disks and LUNs in a storage system, CPU cores, RAM and disks of a virtual machine, the tablespaces of a database, the number and type of ports on a SAN switch, directory/file names (if Cloud Secure is enabled), etc.
Configuration data summarizes the customer-provided settings used to manage customer inventory and operations, e.g. hostnames or IP addresses of the monitored devices, polling intervals, timeout values, etc.
Secrets consist of the credentials used by the Cloud Insights Acquisition Unit to access customer devices and services. These credentials are encrypted using AES-256, and the private keys are stored only on the Acquisition Units and never leave the customer environment. Because of this design, even privileged Cloud Insights SREs are unable to access customer secrets in plaintext.
Functional Data is data generated as a result of NetApp providing the Cloud Data Service; it informs NetApp in the development, deployment, operations, maintenance, and securing of the Cloud Data Service. Functional Data does not contain Customer Information or Personal Information.
User Access data
Authentication and access information that allows NetApp Cloud Central to communicate with regional Cloud Insights sites, including data related to user Authorization.
Cloud Secure User Directory Data
In cases where the Cloud Secure functionality is enabled AND the customer chooses to enable the User Directory collector, the system will store user display names, corporate email addresses, and other information collected from Active Directory.
Note: User Directory data refers to user directory information collected by the Cloud Secure User Directory data collector, not to data about the users of Cloud Insights/Cloud Secure themselves.
No explicit personal data is collected from infrastructure and services resources. Collected information consists of performance metrics, configuration information and infrastructure metadata only, much like many vendor phone-homes, including NetApp auto-support and ActiveIQ. However, depending on a customer’s naming conventions, data for shares, volumes, VMs, qtrees, applications, etc. may contain personally identifiable information.
If Cloud Secure is enabled, the system additionally looks at file and directory names on SMB or other shares, which may contain personally identifiable information. Where customers enable the Cloud Secure User Directory Collector (which essentially maps Windows SIDs to usernames through Active Directory), the display name, corporate email address and any additional attributes selected will be collected and stored by Cloud Insights.
Additionally, access logs to Cloud Insights are maintained and contain the IP and email addresses that users use to log in to the service.
Where is my information stored?
Cloud Insights stores information according to the region in which your environment is created.
The following information is stored in the host region:
Telemetry and asset/object information, including counters and performance metrics
Acquisition Unit information
Audit information on user activities inside Cloud Insights
Cloud Secure Active Directory information
Cloud Secure Audit information
The following information resides in the United States, regardless of the region hosting your Cloud Insights environment:
Environment site (sometimes called "tenant") information such as site/account owner.
Information that allows NetApp Cloud Central to communicate with regional Cloud Insights sites, including anything to do with user Authorization.
Information related to the relation between the Cloud Insights user and the tenant.