NetApp Ransomware Resilience

Frequently asked questions about NetApp Ransomware Resilience

Contributors amgrissino netapp-ahibbard netapp-bcammett

This FAQ can help if you're just looking for a quick answer to a question about NetApp Ransomware Resilience.

Deployment

Do you need a license to use Ransomware Resilience?

You can use the following license types:

  • Sign up for a 30-day free trial.

  • Purchase a pay-as-you-go (PAYGO) subscription to NetApp Intelligent Services and Ransomware Resilience with Amazon Web Services (AWS) Marketplace, Google Cloud Marketplace, and Microsoft Azure Marketplace.

  • Bring your own license (BYOL), which is a NetApp License File (NLF) that you obtain from your NetApp sales representative. You can use the license serial number to get the BYOL activated in the Console's Licenses and subscriptions section.

How do you enable Ransomware Resilience?

You can access Ransomware Resilience from the NetApp Console. Ensure that you have the required access roles and have met the prerequisites. After you've successfully configured a Console agent, you can discover workloads.

Is Ransomware Resilience available in standard, restricted, and private modes?

Ransomware Resilience is currently available in standard mode only.

For an explanation about these modes across all NetApp data services, refer to NetApp Console deployment modes.

Access

What's the Ransomware Resilience URL?

In a browser, enter https://console.netapp.com/ransomware-resilience to access the Console.

How are access permissions handled?

Learn about Console access roles for all services. Ransomware Resilience also has dedicated access roles.

What device resolution is best?

The recommended device resolution for Ransomware Resilience is 1920x1080 or better.

Which browser should I use?

You can access the NetApp Console with any modern web browser.

Interoperability

Is Ransomware Resilience aware of protection settings made in NetApp ONTAP?

Yes, Ransomware Resilience discovers snapshot schedules set in ONTAP.

How does Ransomware Resilience interact with NetApp Backup and Recovery and SnapCenter?

Ransomware Resilience works with Backup and Recovery to discover and set snapshot and backup policies for file share workloads.

Ransomware Resilience works with SnapCenter or SnapCenter for VMware to discover and set snapshot and backup policies for application and VM workloads.

Ransomware Resilience also works with Backup and Recovery and SnapCenter (including SnapCenter for VMware) to perform file- and workload-consistent recovery.

Workloads

What is a workload in the context of Ransomware Resilience?

A workload is an application, a VM, or a file share. A workload includes all volumes that are used by a single application instance.

For example, consider an Oracle Database deployed on ora3.host.com with vol1 containing data and vol2 containing logs. The two volumes constitute the workload for that Oracle Database instance.

How does Ransomware Resilience prioritize workload data?

The workload priority (critical, standard, important) is determined by snapshot frequencies already applied to each volume associated with the workload and scheduled backups.

What workloads does Ransomware Resilience support?

Ransomware Resilience can identify the following workloads: Oracle, MySQL, file shares, block storage, VMs, and VM datastores.

If you're using SnapCenter or SnapCenter for VMware, all workloads supported by these products are also identified in Ransomware Resilience. Ransomware Resilience can protect and recover SnapCenter and SnapCenter for VMware workloads in a workload-consistent manner.

How do you associate data with a workload?

Ransomware Resilience discovers the volumes and the file extensions and associates them with the appropriate workload.

If you have SnapCenter or SnapCenter for VMware and have configured workloads in Backup and Recovery, then Ransomware Resilience discovers the workloads managed by SnapCenter and SnapCenter for VMware and their associated volumes.

What is a protected workload?

In Ransomware Resilience, a workload shows a status of protected when it has a primary detection policy enabled, meaning Autonomous Ransomware Protection (ARP) is enabled on all volumes related to the workload.

What is an "at risk" workload?

If a workload does not have a primary detection policy enabled, it's labeled "at risk" even if it has a backup and snapshot policy enabled. For ransomware protection, you should enable a detection policy.

I've added a new volume, but it has not appeared yet. What should I do?

If you added a new volume to your environment, initiate discovery of the workload again. After the volume has been discovered, apply protection policies to protect the new volume.

Protection policies

Do Ransomware Resilience ransomware policies co-exist with other kinds of workload policies?

At this time, Backup and Recovery (Cloud Backup) supports one backup policy per volume. If you configure backup protection with Backup and Recovery, it shares backup policies with Ransomware Resilience.

Snapshot copies are not limited and can be added separately from each service.

What policies are required in a ransomware protection strategy?

A ransomware protection strategy requires:

  • a ransomware detection policy, and

  • a snapshot policy

A backup policy is not required in the Ransomware Resilience strategy.

Is Ransomware Resilience aware of protection settings made in NetApp ONTAP?

Yes, Ransomware Resilience discovers snapshot schedules set in ONTAP. It also discovers whether ARP and FPolicy are enabled across all volumes in a discovered workload. The information you see in the Ransomware Resilience Dashboard is aggregated from other NetApp solutions and products.

Is Ransomware Resilience aware of policies already made in Backup and Recovery and SnapCenter?

Yes, if you have workloads managed in Backup and Recovery or SnapCenter, the policies managed by those products are brought into Ransomware Resilience.

Can you modify policies carried over from NetApp Backup and Recovery and/or SnapCenter?

No, you cannot modify policies managed by Backup and Recovery or SnapCenter from Ransomware Resilience. You manage any changes to those policies in Backup and Recovery or SnapCenter.

If policies exist from ONTAP (such as ARP, FPolicy, and snapshots), are those changed in Ransomware Resilience?

No. Ransomware Resilience does not modify any existing detection policies (ARP, FPolicy settings) from ONTAP.

What happens if you add new policies in Backup and Recovery or SnapCenter after signing up for Ransomware Resilience?

Ransomware Resilience recognizes newly created policies and policy changes in Backup and Recovery or SnapCenter.

Can you change policies from ONTAP?

Yes, you can change policies from ONTAP in Ransomware Resilience. You can also create new policies in Ransomware Resilience and apply them to workloads. This action replaces existing ONTAP policies with the policies created in Ransomware Resilience.

Can you disable policies in ONTAP?

You can disable ARP in detection policies using the System Manager UI, APIs, or CLI in ONTAP.

You can disable FPolicy and backup policies by applying a different policy that does not include them.