Release notes
System Manager insights
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.11.1, System Manager displays insights that help you optimize the performance and security of your system.
|
To view, customize, and respond to insights, refer to Gain insights to help optimize your system |
Capacity insights
System Manager can display the following insights in response to capacity conditions in your system:
Insight |
Severity |
Condition |
Fixes |
|---|---|---|---|
Local tiers are lacking space |
Remediate risks |
One or more local tiers are more than 95% full and quickly growing. Existing workloads might be unable to grow, or in extreme cases, existing workloads might run out of space and fail. |
Recommended fix: Perform one of following options.
|
Applications are lacking space |
Needs attention |
One or more volumes are more than 95% full, but they do not have autogrow enabled. |
Recommended: Enable autogrow up to 150% of current capacity. Other options:
|
FlexGroup volume's capacity is imbalanced |
Optimize storage |
The size of the constituent volumes of one or more FlexGroup volumes has grown unevenly over time, leading to an imbalance in capacity usage. If the constituent volumes become full, write failures could occur. |
Recommended: Rebalance the FlexGroup volumes. |
Storage VMs are running out of capacity |
Optimize storage |
One or more storage VMs are near their maximum capacity. You will not babe able to provision more space for new or existing volumes if the storage VMs reach maximum capacity. |
Recommended: If possible, increase the maximum capacity limit of the storage VM. |
Security insights
System Manager can display the following insights in response to conditions that might jeopardize the security of your data or your system.
Insight |
Severity |
Condition |
Fixes |
|---|---|---|---|
Volumes are still in anti-ransomware learning mode |
Needs attention |
One or more volumes have been in the anti-ransomware learning mode for 90 days. |
Recommended: Enable the anti-ransomware active mode for those volumes. |
Automatic deletion of Snapshot copies is enabled on volumes |
Needs attention |
Snapshot auto-deletion is enabled on one or more volumes. |
Recommended: Disable the automatic deletion of Snapshot copies. Otherwise, in case of a ransomware attack, data recovery for these volumes might not be possible. |
Volumes don't have Snapshot policies |
Needs attention |
One or more volumes don't have an adequate Snapshot policy attached to them. |
Recommended: Attach a Snapshot policy to volumes that don't have one. Otherwise, in case of a ransomware attack, data recovery for these volumes might not be possible. |
Native FPolicy is not configured |
Best practice |
Native FPolicy is not configured on one or more NAS storage VMs. |
Recommended: IMPORTANT: Blocking extensions might lead to unexpected results. Beginning in 9.11.1, you can enable native FPolicy for storage VMs, which blocks over 3000 file extensions known to be used for ransomware attacks. Configure native FPolicy in NAS storage VMs to control the file extensions that are allowed or not allowed to be written on volumes in your environment. |
Telnet is enabled |
Best practice |
Secure Shell (SSH) should be used for secure remote access. |
Recommended: Disable Telnet and use SSH for secure remote access. |
Too few NTP servers are configured |
Best practice |
The number of servers configured for NTP is less than 3. |
Recommended: Associate at least three NTP servers with the cluster. Otherwise, problems can occur with the synchronization of the cluster time. |
Remote Shell (RSH) is enabled |
Best practice |
Secure Shell (SSH) should be used for secure remote access. |
Recommended: Disable RSH and use SSH for secure remote access. |
Login banner isn't configured |
Best practice |
Login messages are not configured either for the cluster, for the storage VM, or for both. |
Recommended: Setup the login banners for the cluster and the storage VM and enable their use. |
AutoSupport is using a nonsecure protocol |
Best practice |
AutoSupport is not configured to communicate via HTTPS. |
Recommended: It is strongly recommended to use HTTPS as the default transport protocol to send AutoSupport messages to technical support. |
Default admin user is not locked |
Best practice |
Nobody has logged in using a default administrative account (admin or diag), and these accounts are not locked. |
Recommended: Lock default administrative accounts when they are not being used. |
Secure Shell (SSH) is using nonsecure ciphers |
Best practice |
The current configuration uses nonsecure CBC ciphers. |
Recommended: You should allow only secure ciphers on your web server to protect secure communication with your visitors. Remove ciphers that have names containing "cbc", such as "ais128-cbc", "aes192-cbc", "aes256-cbc", and "3des-cbc". |
Global FIPS 140-2 compliance is disabled |
Best practice |
Global FIPS 140-2 compliance is disabled on the cluster. |
Recommended: For security reasons, you should enable Global FIPS 140-2 compliant cryptography to ensure ONTAP can safely communicate with external clients or server clients. |
Volumes aren't being monitored for ransomware attacks |
Needs attention |
Anti-ransomware is disabled on one or more volumes. |
Recommended: Enable anti-ransomware on the volumes. Otherwise, you might not notice when volumes are being threatened or under attack. |
Storage VMs aren't configured for anti-ransomware |
Best practice |
One or more storage VMs aren't configured for anti-ransomware protection. |
Recommended: Enable anti-ransomware on the storage VMs. Otherwise, you might not notice when storage VMs are being threatened or under attack. |
Configuration insights
System Manager can display the following insights in response to concerns about the configuration of your system.
Insight |
Severity |
Condition |
Fixes |
|---|---|---|---|
Cluster isn't configured for notifications |
Best practice |
Email, webhooks, or an SNMP traphost is not configured to let you receive notifications about problems with the cluster. |
Recommended: Configure notifications for the cluster. |
Cluster isn't configured for automatic updates. |
Best practice |
The cluster hasn't been configured to receive automatic updates for the latest disk qualification package, disk firmware, shelf firmware, and SP/BMC firmware files when they are available. |
Recommended: Enable this feature. |
Cluster firmware isn't up-to-date |
Best practice |
Your system doesn't have the latest update to the firmware which could have improvements, security patches, or new features that help secure the cluster for better performance. |
Recommended: Update the ONTAP firmware. |