Information and Region
NetApp takes the security of customer information very seriously. Here is how and where Data Infrastructure Insights stores your information.
What information does Data Infrastructure Insights store?
Data Infrastructure Insights stores the following information:
-
Performance data
Performance data is time-series data providing information about the performance of the monitored device/source. This includes, for example, the number of IOs delivered by a storage system, the throughput of a FibreChannel port, the number of pages delivered by a web server, the response time of a database, and more.
-
Inventory data
Inventory data consists of metadata describing the monitored device/source and how it is configured. This includes, for example, hardware and software versions installed, disks and LUNs in a storage system, CPU cores, RAM and disks of a virtual machine, the tablespaces of a database, the number and type of ports on a SAN switch, directory/file names (if Storage Workload Security is enabled), etc.
-
Configuration data
This summarizes customer-provided configuration data used to manage customer inventory and operations, e.g. hostnames or IP addresses of the monitored devices, polling intervals, timeout values, etc.
-
Secrets
Secrets consist of the credentials used by the Data Infrastructure Insights Acquisition Unit to access customer devices and services. These credentials are encrypted using strong asymmetric encryption, and the private keys are stored only on the Acquisition Units and never leave the customer environment. Even privileged Data Infrastructure Insights SREs are unable to access customer secrets in plain-text due to this design.
-
Functional Data
This is data generated as a result of NetApp providing the Cloud Data Service, which informs NetApp in the development, deployment, operations, maintenance, and securing of the Cloud Data Service. Functional Data does not contain Customer Information or Personal Information.
-
User Access data
Authentication and access information that allows NetApp BlueXP to communicate with regional Data Infrastructure Insights sites, including data related to user Authorization.
-
Storage Workload Security User Directory Data
In cases where the Workload Security functionality is enabled AND the customer chooses to enable the User Directory collector, the system will store user display names, corporate email addresses, and other information collected from Active Directory.
User Directory data refers to user directory information collected by the Workload Security User Directory data collector, not to data about the users of Data Infrastructure Insights/Workload Security themselves. |
No explicit personal data is collected from infrastructure and services resources. Collected information consists of performance metrics, configuration information and infrastructure metadata only, much like many vendor phone-homes, including NetApp auto-support and ActiveIQ. However, depending on a customer's naming conventions, data for shares, volumes, VMs, qtrees, applications, etc. may contain personally identifiable information.
If Workload Security is enabled, the system additionally looks at file and directory names on SMB or other shares, which may contain personally identifiable information. Where customers enable the Workload Security User Directory Collector (which essentially maps Windows SIDs to usernames through Active Directory), the display name, corporate email address and any additional attributes selected will be collected and stored by Data Infrastructure Insights.
Additionally, access logs to Data Infrastructure Insights are maintained and contain users' IP and email addresses used to log into the service.
Where is my information stored?
Data Infrastructure Insights stores information according to the region in which your environment is created.
The following information is stored in the host region:
-
Telemetry and asset/object information, including counters and performance metrics
-
Acquisition Unit information
-
Functional data
-
Audit information on user activities inside Data Infrastructure Insights
-
Workload Security Active Directory information
-
Workload Security Audit information
The following information resides in the United States, regardless of the region hosting your Data Infrastructure Insights environment:
-
Environment site (sometimes called "tenant") information such as site/account owner.
-
Information that allows NetApp BlueXP to communicate with regional Data Infrastructure Insights sites, including anything to do with user Authorization.
-
Information related to the relation between the Data Infrastructure Insights user and the tenant.
Host Regions
Host regions include:
-
US: us-east-1
-
EMEA: eu-central-1
-
APAC: ap-southeast-2
More Information
You can read more about NetApp's privacy and security at the following links: