Recent changes in Cloud Manager

Contributors netapp-bcammett

Learn about the most recent changes to the cloud services that are part of the Cloud Manager platform. For more details, go to the full set of release notes for each individual service.

Administrative features

This section describes new features related to Cloud Manager’s administration features: Accounts, Connectors, cloud provider credentials, and more.

12 May 2022

Connector 3.9.18 patch

We updated the Connector to introduce bug fixes. The most notable fix is to an issue that affects Cloud Volumes ONTAP deployment in Google Cloud when the Connector is in a shared VPC.

2 May 2022

Connector 3.9.18

  • The Connector is now supported in the following Google Cloud regions:

    • Delhi (asia-south2)

    • Melbourne (australia-southeast2)

    • Milan (europe-west8)

    • Santiago (southamerica-west1)

  • When you select the Google Cloud service account to use with the Connector, Cloud Manager now displays the email address that’s associated with each service account. Viewing the email address can make it easier to distinguish between service accounts that share the same name.

    A screenshot of the service account field

  • We have certified the Connector in Google Cloud on a VM instance with an OS that supports Shielded VM features

  • This release of the Connector also includes Cloud Volumes ONTAP enhancements. Learn about those enhancements

  • New AWS permissions are required for the Connector to deploy Cloud Volumes ONTAP.

    The following permissions are now required to create an AWS spread placement group when deploying an HA pair in a single Availability Zone (AZ):

    "ec2:DescribePlacementGroups",
    "iam:GetRolePolicy",

    These permissions are now required to optimize how Cloud Manager creates the placement group.

    Be sure to provide these permissions to each set of AWS credentials that you’ve added to Cloud Manager. You can find the latest list of permissions on the Cloud Manager policies page.

3 April 2022

Connector 3.9.17

Azure NetApp Files

11 April 2021

Support for volume templates

A new Application Templates service enables you to set up a volume template for Azure NetApp Files. The template should make your job easier because certain volume parameters will already be defined in the template, such as capacity pool, size, protocol, VNet and subnet where the volume should reside, and more. When a parameter is already predefined, you can just skip to the next volume parameter.

8 March 2021

Dynamically change service levels

You can now dynamically change the service level for a volume to meet workload needs and optimize your costs. The volume is moved to the other capacity pool with no impact to the volume.

3 August 2020

Azure NetApp Files set up and management

Set up and manage Azure NetApp Files directly from Cloud Manager. After you create an Azure NetApp Files working environment, you can complete the following tasks:

  • Create NFS and SMB volumes.

  • Manage capacity pools and volume snapshots

    Cloud Manager enables you to create, delete, and restore volume snapshots. You can also create new capacity pools and specify their service levels.

  • Edit a volume by changing its size and managing tags.

The ability to create and manage Azure NetApp Files directly from Cloud Manager replaces the previous data migration functionality.

Amazon FSx for ONTAP

27 February 2022

Assume IAM role

When you create an FSx for ONTAP working environment, you now must provide the ARN of an IAM role that Cloud Manager can assume to create an FSx for ONTAP working environment. You previously needed to provide AWS access keys.

31 October 2021

Create iSCSI volumes using Cloud Manager API

You can create iSCSI volumes for FSx for ONTAP using the Cloud Manager API and manage them in your working environment.

Select volume units when creating volumes

4 October 2021

Create CIFS volumes using Cloud Manager

Edit volumes using Cloud Manager

Application Template

3 March 2022

Now you can build a Template to find specific working environments

Using the "Find Existing Resources" action you can identify the working environment, and then use other template actions, such as creating a volume, to easily perform actions on existing working environments. Go here for details.

Ability to create a Cloud Volumes ONTAP HA working environment in AWS

The existing support for creating a Cloud Volumes ONTAP working environment in AWS has been expanded to include creating a high-availability system in addition to a single-node system. See how to create a template for a Cloud Volumes ONTAP working environment.

9 February 2022

Now you can build a Template to find specific existing volumes and then enable Cloud Backup

Using the new "Find Resource" action you can identify all the volumes on which you want to enable Cloud Backup, and then use the Cloud Backup action to enable backup on those volumes.

Current support is for volumes on Cloud Volumes ONTAP and on-premises ONTAP systems. Go here for details.

31 October 2021

Now you can tag your Sync relationships so you can group or categorize them for easy access

Cloud Backup

2 May 2022

Search & Restore is now supported with backup files in Google Cloud Storage

The Search & Restore method of restoring volumes and files was introduced in April for users who store their backup files in AWS. Now the capability is available for users who store their backup files in Google Cloud Storage. See how to restore your volumes and files using Search & Restore.

Configure a backup policy to be applied automatically to newly created volumes in Kubernetes clusters

If you added new persistent volumes to your Kubernetes clusters after Cloud Backup was activated, in the past you needed to remember to configure backups for those volumes. Now you can select a policy that will be applied automatically to newly created volumes. This option is available in the setup wizard when activating Cloud Backup for a new Kubernetes cluster, or from the Backup Settings page for clusters that have already activated Cloud Backup.

Cloud Backup now requires a license before being activated on a working environment

There are a few changes to how licensing is implemented with Cloud Backup:

  • You must sign up for a PAYGO Marketplace subscription from your cloud provider, or purchase a BYOL license from NetApp, before you can activate Cloud Backup.

  • The 30-day Free Trial is available only when using a PAYGO subscription from your cloud provider - it is not available when using the BYOL license.

  • The Free Trial starts the day the Marketplace subscription starts. For example, if you activate the Free Trial after you have been using a Marketplace subscription for 30 days for a Cloud Volumes ONTAP system, the Cloud Backup Trial will not be available.

4 April 2022

Cloud Backup for Applications 1.1.0 (powered by SnapCenter) is now GA

The new Cloud Backup for Applications capability enables you to offload existing application consistent Snapshots (backups) for Oracle and Microsoft SQL from on-premises primary storage to cloud object storage in AWS S3 or Azure Blob.

When required, you can restore this data from cloud to on-premises.

New Search & Restore feature to search for volumes or files across all ONTAP backup files

Now you can search for a volume or file across all ONTAP backup files by partial or full volume name, partial or full file name, size range, and additional search filters. This is a great new way to find the data you want to restore if you are not sure which cluster or volume was the source for the data. Learn how to use Search & Restore.

3 March 2022

Ability to back up persistent volumes from your GKE Kubernetes clusters to Google Cloud storage

If your GKE cluster has NetApp Astra Trident installed, and it’s using Cloud Volumes ONTAP for GCP as backend storage for the cluster, then you can back up and restore your persistent volumes to and from Google Cloud storage. Go here for details.

The Beta capability to use Cloud Data Sense to scan your Cloud Backup files has been discontinued in this release

Cloud Data Sense

11 May 2022

Support added for scanning data in Google Drive accounts

Now you can add your Google Drive accounts to Data Sense in order to scan the documents and files from those Google Drive accounts. See how to scan your Google Drive accounts.

Data Sense can identify Personal Identifiable Information (PII) within the following Google file types from the Google Docs suite — Docs, Sheets, and Slides — in addition to the existing file types.

Directory level view added to the Data Investigation page

In addition to viewing and filtering data from all your files and databases, now you can view and filter data based on all the data within folders and shares in the Data Investigation page. Directories will be indexed for scanned CIFS and NFS shares, and for OneDrive, SharePoint, and Google Drive folders. So now you can view permissions and manage your data on the directory level. See how to select the Directories view of your scanned data.

Expand groups to show the users/members that have permissions to access a file

As part the Data Sense permissions capabilities, now you can view the list of users and groups that have access to a file. Each group can be expanded to show the list of users in the group. See how to view users and groups who have read and/or write permissions to your files.

Two new Filters have been added to the Data Investigation page

  • The “Directory type” filter enables you to refine your data to see folders or shares only. The results will be shown in the new Directories tab.

  • The "User / Group Permissions" filter enables you to list the files, folders, and shares that a specific user or a group has read and/or write permissions to. You can select multiple users and/or group names - or enter a partial name. T

5 April 2022

Four new types of Australian personal data can be identified by Data Sense

Data Sense can identify and categorize files that contain the Australian TFN (Tax File Number), Australian Driver’s License Number, Australian Medicare Number, and Australian Passport Number. See all the types of personal data that Data Sense can identify in your data.

Global Active Directory server can be an LDAP server now

The global Active Directory server you integrate with Data Sense can be an LDAP Server now in addition to the previously supported DNS Server. Go here for details.

15 March 2022

New Filter to show the files to which a specific user or a group has read or write permissions

A new Filter called "User / Group Permissions" has been added so you can list the files that a specific user or a group has read and/or write permissions to. You can select one or more user and/or group names - or enter a partial name. This functionality is available for volumes on Cloud Volumes ONTAP, on-prem ONTAP, Azure NetApp Files, Amazon FSx for ONTAP, and File Shares.

Data Sense can determine the permissions for files in SharePoint and OneDrive accounts

Data Sense can read the permissions that exist for files that are being scanned in OneDrive accounts and SharePoint accounts now. This information appears in the Investigation pane details for files and in the Open Permissions area in the Governance Dashboard.

Two additional types of personal data can be identified by Data Sense

  • French INSEE - The INSEE code is a numerical code used by the French National Institute for Statistics and Economic Studies (INSEE) to identify various entities.

  • Passwords - This information is identified using proximity validation by looking for permutations of the word "password" next to a alphanumeric string. The number of items found will be listed under "Personal Results" in the Compliance Dashboard. You can search for files that contain passwords in the Investigation pane using the Filter Personal Data > Password.

Support for scanning OneDrive and SharePoint data when deployed in a dark site

When you’ve deployed Cloud Data Sense on a host in an on-premises site that doesn’t have internet access, now you can scan local data from OneDrive accounts or SharePoint accounts. You’ll need to allow access to the following endpoints.

The Beta capability to use Cloud Data Sense to scan your Cloud Backup files has been discontinued in this release

Cloud Sync

1 May 2022

Sync timeout

A new Sync Timeout setting is now available for sync relationships. This setting enables you to define whether Cloud Sync should cancel a data sync if the sync hasn’t completed in the specified number of hours or days.

Notifications

A new Notifications setting is now available for sync relationships. This setting enables you to choose whether to receive Cloud Sync notifications in Cloud Manager’s Notification Center. You can enable notifications for successful data syncs, failed data syncs, and canceled data syncs.

A screenshot that shows the Notification Center in Cloud Manager.

3 April 2022

Data broker group enhancements

We made several enhancements to data broker groups:

  • You can now move a data broker to a new or existing group.

  • You can now update the proxy configuration for a data broker.

  • Finally, you can also delete data broker groups.

Dashboard filter

You can now filter the contents of the Sync Dashboard to more easily find sync relationships that match a certain status. For example, you can filter on sync relationships that have a failed status

A screenshot that shows the Filter by sync status option at the top of the dashboard.

3 March 2022

Sorting in the dashboard

You now sort the dashboard by sync relationship name.

A screenshot that shows the Sort by name option that is available from the dashboard.

Enhancement to Data Sense integration

In the previous release, we introduced Cloud Sync integration with Cloud Data Sense. In this update, we enhanced the integration by making it easier to create the sync relationship. After you initiate a data sync from Cloud Data Sense, all of the source information is contained in a single step and only requires you to enter a few key details.

A screenshot that shows the Data Sense Integration page that appears after starting a new sync directly from Cloud Data Sense.

Cloud Tiering

3 May 2022

Cloud Tiering license support for additional cluster configurations

Cloud Tiering licenses can now be shared with your clusters that are in Tiering Mirror configurations (not including MetroCluster configurations) and with clusters that are tiered to IBM Cloud Object Storage. You no longer have to use the deprecated FabricPool licenses for these scenarios. This makes it easier to use the "floating" Cloud Tiering licenses on more of your clusters. See how to license and configure these types of clusters.

4 April 2022

Amazon S3 Glacier Instant Retrieval storage class is now available

When setting up Cloud Tiering, now you can configure a lifecycle rule so your inactive data transitions from the Standard storage class to Glacier Instant Retrieval after a certain number of days. This will help reduce your AWS infrastructure costs. See the supported S3 storage classes.

Cloud Tiering has been fully qualified on ONTAP Select systems

In addition to tiering data from your AFF and FAS systems, now you can tier inactive data from your ONTAP Select systems to cloud storage.

2 September 2021

Cloud Tiering BYOL license replaces FabricPool license

A new Cloud Tiering license is now available for tiering configurations that are supported within Cloud Manager using the Cloud Tiering service. It is a floating license that you can use across multiple on-premises ONTAP clusters. The FabricPool license that you may have used in the past is retained only for configurations that aren’t supported within Cloud Manager.

Tier inactive data from on-prem ONTAP clusters to S3-compatible object storage

Now you can tier inactive data to any Object Storage service which uses the Simple Storage Service (S3) protocol. See how to tier data to S3-compatible object storage.

Cloud Volumes ONTAP

2 May 2022

The following changes were introduced with the 3.9.18 release of the Connector.

Cloud Volumes ONTAP 9.11.0

Cloud Manager can now deploy and manage Cloud Volumes ONTAP 9.11.0.

Enhancement to mediator upgrades

When Cloud Manager upgrades the mediator for an HA pair, it now validates that a new mediator image is available before it deletes the boot disk. This change ensures that the mediator can continue to operate successfully if the upgrade process is unsuccessful.

K8s tab has been removed

The K8s tab was deprecated in a previous and has now been removed. If you want to use Kubernetes with Cloud Volumes ONTAP, you can add managed-Kubernetes clusters to the Canvas as a working environment for advanced data management.

Annual contract in Azure

The Essentials and Professional packages are now available in Azure through an annual contract. You can contact your NetApp sales representative to purchase an annual contract. The contract is available as a private offer in the Azure Marketplace.

After NetApp shares the private offer with you, you can select the annual plan when you subscribe from the Azure Marketplace during working environment creation.

S3 Glacier Instant Retrieval

You can now store tiered data in the Amazon S3 Glacier Instant Retrieval storage class.

New AWS permissions required for the Connector

The following permissions are now required to create an AWS spread placement group when deploying an HA pair in a single Availability Zone (AZ):

"ec2:DescribePlacementGroups",
"iam:GetRolePolicy",

These permissions are now required to optimize how Cloud Manager creates the placement group.

Be sure to provide these permissions to each set of AWS credentials that you’ve added to Cloud Manager. You can find the latest list of permissions on the Cloud Manager policies page.

New Google Cloud region support

Cloud Volumes ONTAP is now supported in the following Google Cloud regions starting with the 9.10.1 release:

  • Delhi (asia-south2)

  • Melbourne (australia-southeast2)

  • Milan (europe-west8) - single node only

  • Santiago (southamerica-west1) - single node only

Support for n2-standard-16 in Google Cloud

The n2-standard-16 machine type is now supported with Cloud Volumes ONTAP in Google Cloud, starting with the 9.10.1 release.

Enhancements to Google Cloud firewall policies

  • When you create a Cloud Volumes ONTAP HA pair in Google Cloud, Cloud Manager will now display all existing firewall policies in a VPC.

    Previously, Cloud Manager wouldn’t display any policies in VPC-1, VPC-2, or VPC-3 that didn’t have a target tag.

  • When you create a Cloud Volumes ONTAP single node system in Google Cloud, you can now choose whether you want the predefined firewall policy to allow traffic within the selected VPC only (recommended) or all VPCs.

Enhancement to Google Cloud service accounts

When you select the Google Cloud service account to use with Cloud Volumes ONTAP, Cloud Manager now displays the email address that’s associated with each service account. Viewing the email address can make it easier to distinguish between service accounts that share the same name.

A screenshot of the service account field

3 April 2022

We have removed the System Manager link that was previously available from within a Cloud Volumes ONTAP working environment.

You can still connect to System Manager by entering the cluster management IP address in a web browser that has a connection to the Cloud Volumes ONTAP system. Learn more about connecting to System Manager.

Charging for WORM storage

Now that the introductory special rate has expired, you will now be charged for using WORM storage. Charging is hourly, according to the total provisioned capacity of WORM volumes. This applies to new and existing Cloud Volumes ONTAP systems.

27 February 2022

The following changes were introduced with the 3.9.16 release of the Connector.

Redesigned volume wizard

The create new volume wizard that we recently introduced is now available when creating a volume on a specific aggregate from the Advanced allocation option.

Cloud Volumes Service for GCP

9 September 2020

Support for Cloud Volumes Service for Google Cloud

You can now manage Cloud Volumes Service for Google Cloud directly from Cloud Manager:

  • Set up and create a working environment

  • Create and manage NFSv3 and NFSv4.1 volumes for Linux and UNIX clients

  • Create and manage SMB 3.x volumes for Windows clients

  • Create, delete, and restore volume snapshots

Compute

7 December 2020

It’s now easier to navigate between Cloud Manager and Spot.

A new Storage Operations section in Spot enables you to navigate directly to Cloud Manager. After you’re done, you can get back to Spot from the Compute tab in Cloud Manager.

18 October 2020

Introducing the Compute service

By leveraging Spot’s Cloud Analyzer, Cloud Manager can now provide a high-level cost analysis of your cloud compute spending and identify potential savings. This information is available from the Compute service in Cloud Manager.

A screenshot that shows the Cost Analysis page in Cloud Manager

Global File Cache

19 May 2022 (version 1.3.0)

Global File Cache Edge software for version 1.3.0 is available at this page.

New Metadata Edge Sync feature

This "Metadata Edge Sync" feature uses the Edge Synchronization feature as its core framework. Only Metadata information is updated on all subscribed Edges and the files/folders get created on the Edge machines.

License Manager Service enhancements

The Global File Cache License Management Server (LMS) service is enhanced to auto detect proxy settings. This enables a seamless configuration.

17 December 2021 (version 1.2.0)

The OpenSSL module has been upgraded to version 1.1.1l.

This is the latest version and it is more secure. This module is used for secure communication between GFC Edge and GFC Core.

The logging infrastructure has been enhanced.

9 June 2021 (version 1.1.0)

The "Edge Synchronization" feature has been added.

This feature keeps multiple Edges at a remote office in sync and the data is always cached/warm. When a file is flushed/fetched at one Edge, then the same file on all Edges participating in Edge Sync is updated and cached. See section 8.4 in the NetApp Global File Cache User Guide for details.

The OpenSSL module has been upgraded to version 1.1.1k.

This is the latest version and it is more secure. This module is used for secure communication between GFC Edge and GFC Core.

Updated License Registration Page.

The GFC License Registration Page now displays the number of licenses when activated through a NetApp subscription.

Kubernetes

4 May 2022

Drag and drop to add storage class

You can now drag your Kubernetes cluster and drop it onto the Cloud Volumes ONTAP working environment to add a storage class directly from the Canvas.

4 April 2022

Manage Kubernetes clusters using the Cloud Manager resource page

Kubernetes cluster management now has enhanced integration directly from the cluster working environment. A new Quick start gets you up and running quickly.

You can now take the following actions from the cluster resource page.

27 February 2022

Support for Kubernetes clusters in Google Cloud

You can now add and manage managed Google Kubernetes Engine (GKE) clusters and self-managed Kubernetes clusters in Google Cloud using Cloud Manager.

Monitoring

1 August 2021

Change to Acquisition Unit name

We changed the default name of the Acquisition Unit instance to CloudInsights-AU-UUID so that the name is more descriptive (the UUID is a generated hash).

Cloud Manager deploys this instance when you enable the Monitoring service on a Cloud Volumes ONTAP working environment.

5 May 2021

Support for existing tenants

You can now enable the Monitoring service on a Cloud Volumes ONTAP working environment even if you have an existing Cloud Insights tenant.

Free Trial transition

When you enable the Monitoring service, Cloud Manager sets up a free trial of Cloud Insights. On the 29th day, your plan now automatically transitions from the Trial Version to the Basic Edition.

9 February 2021

Support in Azure

The Monitoring service is now supported with Cloud Volumes ONTAP for Azure.

Support in Government regions

The Monitoring service is also supported in Government regions in AWS and Azure.

On-prem ONTAP clusters

27 February 2022

An "On-Premises ONTAP" tab is available in the Digital Wallet.

Now you can view an inventory of your on-prem ONTAP clusters along with their hardware and service contracts expiration dates. Additional details about the clusters are also available.

See how to view this important on-prem cluster information. You’ll need to have a NetApp Support Site account (NSS) for the clusters, and the NSS credentials will need to be attached to your Cloud Manager account.

11 January 2022

Tags that you add to volumes on on-prem ONTAP clusters can be use with the Tagging service.

Tags that you add to a volume are now associated with the tagging feature of the Application Templates service, which can help you organize and simplify the management of your resources.

28 November 2021

Create volume wizard for on-prem ONTAP clusters has been simplified

We redesigned the create volume wizard for ease of use and you can now choose a custom export policy.

Ransomware Protection

11 May 2022

New panel to track the security hardening of your ONTAP environments.

A new panel "Harden your ONTAP environments" provides the status of certain settings in your ONTAP systems that track how secure your deployment is according to the NetApp Security Hardening Guide for ONTAP Systems and to the ONTAP anti-ransomware feature that proactively detects and warns about abnormal activity.

You can review the recommendations and then decide how you want to address the potential issues. You can follow the steps to change the settings on your clusters, defer the changes to another time, or ignore the suggestion. Go here for details.

New panel to show how different categories of data are being protected using Cloud Backup.

This new "Backup Status" panel shows how comprehensively your most important categories of data are backed up in case you need to recover because of a ransomware attack. This data is a visual representation of how many items of a specific category in an environment are backed up by Cloud Backup. Go here for details.

15 March 2022

New panel to track the permissions status of your business critical data

A new panel "Business critical data permissions analysis" shows the permissions status of data that is critical for your business. That way you can quickly assess how well you are protecting your business-critical data. Go here for details.

Open Permissions area now includes OneDrive and SharePoint accounts

The Open Permissions area in the Ransomware Protection Dashboard now includes the permissions that exist for files that are being scanned in OneDrive accounts and SharePoint accounts.

9 February 2022

New Ransomware Protection service

The new Ransomware Protection service enables you to view relevant information about cybersecurity and assess how resilient your data is to a cyber attack. It also provides you with a list of alerts and remediations for making your data more secure.

Replication

2 September 2021

Support for Amazon FSx for ONTAP

You can now replicate data from a Cloud Volumes ONTAP system or an on-premises ONTAP cluster to an Amazon FSx for ONTAP file system.

5 May 2021

Redesigned interface

We redesigned the Replication tab for ease of use and to match the current look and feel of the Cloud Manager user interface.

A screenshot of the redesigned Replication tab in Cloud Manager that shows a list of volume relationships.

SnapCenter Service

21 Dec 2021

Fixes for Apache Log4j vulnerabilities

SnapCenter Service 1.0.1 upgrades Apache Log4j from version 2.9.1 to 2.17 to address the following vulnerabilities: CVE-2021-44228, CVE-2021-4104, and CVE-2021-45105.

The SnapCenter Service cluster should auto-update to the latest version. You should ensure that the version in the SnapCenter Service UI shows that the cluster is 1.0.1.1251 or later.