Skip to main content
NetApp Ransomware Resilience

NetApp Ransomware Resilience prerequisites

Contributors netapp-ahibbard amgrissino netapp-bcammett
PDFs

To ensure a successful deployment of NetApp Ransomware Resilience, verify the readiness of your operational environment, network access, and web browser.

Review and ensure you meet the following requirements.

Supported systems

Ensure you're using a supported system:

Environment Protocol Supported versions

Amazon FSx for NetApp ONTAP*

CIFS, NFS, and SAN

N/A

Azure NetApp Files

CIFS & NFS

N/A

Cloud Volumes ONTAP for AWS

CIFS & NFS

9.11.1 and later

SAN (iSCSI & NVMe)

9.17.1 and later

Cloud Volumes ONTAP for Google Cloud Platform

CIFS & NFS

9.11.1 and later

SAN (iSCSI & NVMe)

9.17.1 and later

Cloud Volumes ONTAP for Microsoft Azure

CIFS & NFS

9.12.1 and later

SAN (iSCSI & NVMe)

9.17.1 and later

ONTAP (on-premises)

CIFS & NFS

9.11.1 and later

SAN (iSCSI & NVMe)

9.17.1 and later

Google Cloud NetApp Volumes

CIFS, NFS, SAN (iSCSI & NVMe)

N/A

* Amazon FSx for NetApp ONTAP uses Autonomous Ransomware Protection (ARP) and not ARP/AI. For more information about the difference, see ARP/AI.

Note User activity detection is not supported for Azure NetApp Files or Google Cloud NetApp Volumes. For more information about support for user activity detection, see User activity detection requirements.

NetApp Console requirements

Your NetApp Console configuration requires:

  • A NetApp Console user account with Organization Admin privileges for discovering resources.

  • A Console organization and system with at least one active Console agent connecting to a supported system.

    • If your on-premises ONTAP clusters or Cloud Volumes ONTAP systems are not set up in the Console, see Learn how to configure a Console agent and standard Console requirements.

      Note If you have multiple Console agents in a single Console organization, Ransomware Resilience will scan ONTAP resources across all Console agents beyond the one that is currently selected in the Console UI.

  • The Console agent must have the cloudmanager-ransomware-protection container in an active state.

  • For ONTAP or Cloud Volumes ONTAP clusters, Ransomware Resilience requires ONTAP version 9.11.1 or greater.

    Note To use Ransomware Resilience on SAN workloads, you must be running ONTAP 9.17.1 or later.

ONTAP requirements

  • You must be running ONTAP 9.11.1 or later with an ONTAP One license enabled on the on-premises ONTAP instance. For more information about ONTAP support, see Autonomous Ransomware Protection overview.

  • To apply protection configurations (such as enabling Autonomous Ransomware Protection), Ransomware Resilience needs admin permissions on the ONTAP cluster. The ONTAP cluster should have been onboarded using ONTAP cluster admin user credentials only.

Note If you've connected an ONTAP cluster to the Console with non-admin credentials, you must Update non-admin user permissions in an ONTAP system.

Data backups

  • An account in NetApp StorageGRID, AWS S3, Azure Blob, or Google Cloud Platform for backup targets with appropriate access permissions configured.

    Refer to the AWS, Azure, or S3 permissions list for details.

Note You can configure a backup destination in Ransomware Resilience. If your workloads are protected by NetApp Backup and Recovery, Ransomware Resilience automatically recognizes protection details, including snapshots and backup destinations. Backup and Recovery is not required to use Ransomware Resilience.

User behavior detection requirements

For Ransomware Resilience to provide alerts about user behavior, you must configure a user activity agent. To install a user activity agent, ensure your system meets the requirements.

Clean restore prerequisites

Ransomware Resilience provides clean restores, which offer a guided recovery process that discovers optimal recovery pathways. To use clean restore, ensure you meet the prerequisites.

Update non-admin user permissions in an ONTAP system

If you need to update non-admin user permissions for a particular system, use this procedure:

  1. Log in to the Console. On the dashboard, identify the system that needs its ONTAP user permissions updated.

  2. Select the system to view its details.

  3. Select View additional information to display the username.

  4. Log in to the ONTAP cluster CLI as an admin user.

  5. Display the existing roles for that user:

    security login show -user-or-group-name <username>

  6. Change the role for the user. Enter:

    security login modify -user-or-group-name <name> -application console|http|ontapi|ssh -authentication-method password -role admin

  7. Return to the NetApp Console to use Ransomware Resilience.