Get started with Cloud Data Sense for Amazon FSx for ONTAP

Contributors juliantap Download PDF of this page

Complete a few steps to get started with Cloud Data Sense for FSx for ONTAP.

Before you begin

Note At this time, you can scan NFS volumes only.

Quick start

Get started quickly by following these steps or scroll down for full details.

Number 1 Discover the data sources that contain the data you want to scan

Before you can scan FSx for ONTAP volumes, you must have an FSx working environment with volumes configured.

Number 2 Deploy the Cloud Data Sense instance

Deploy Cloud Data Sense in Cloud Manager if there isn’t already an instance deployed.

Number 3 Enable Cloud Data Sense and select the volumes to scan

Click Data Sense, select the Configuration tab, and activate compliance scans for volumes in specific working environments.

Number 4 Ensure access to volumes

Now that Cloud Data Sense is enabled, ensure that it can access all volumes.

  • The Cloud Data Sense instance needs a network connection to each FSx for ONTAP subnet.

  • Make sure NFS ports 111 and 2049 are open to the Data Sense instance.

  • NFS volume export policies must allow access from the Data Sense instance.

Number 5 Manage the volumes you want to scan

Select or deselect the volumes you want to scan and Cloud Data Sense will start or stop scanning them.

Discovering the data sources that you want to scan

If the data sources you want to scan are not already in your Cloud Manager environment, you can add them to the canvas at this time.

Deploying the Cloud Data Sense instance

Deploy Cloud Data Sense if there isn’t already an instance deployed.

Data Sense should be deployed in the same AWS network as the Connector for AWS and the FSx volumes you wish to scan.

Enabling Cloud Data Sense in your working environments

You can enable Cloud Data Sense for FSx for ONTAP volumes.

  1. At the top of Cloud Manager, click Data Sense and then select the Configuration tab.

    A screenshot of the Configuration tab immediately after deploying the Cloud Data Sense instance.

  2. To scan all volumes in a working environment, click Activate Scanning for All Volumes.

    When enabled in this manner, full "mapping and classification" scanning is performed on all volumes.

    If you want to enable scanning only for certain volumes, or if you only want to perform "mapping-only" scanning, click or select Volumes and then choose the volumes you want to scan.

Result

Cloud Data Sense starts scanning the volumes you selected in the working environment. Results will be available in the Compliance dashboard as soon as Cloud Data Sense finishes the initial scans. The time that it takes depends on the amount of data—​it could be a few minutes or hours.

Verifying that Cloud Data Sense has access to volumes

Make sure Cloud Data Sense can access volumes by checking your networking, security groups, and export policies.

Steps
  1. On the Configuration page, click View Details to review the status and correct any errors.

    For example, the following image shows a volume Cloud Data Sense can’t scan due to network connectivity issues between the Data Sense instance and the volume.

    A screenshot of the View Details page in the scan configuration showing volume not being scanned because of network connectivity between Data Sense and the volume.

  2. Make sure there’s a network connection between the Cloud Data Sense instance and each network that includes volumes for FSx for ONTAP.

    Note For FSx for ONTAP, Cloud Data Sense can scan volumes only in the same region as Cloud Manager.
  3. Ensure NFS ports 111 and 2049 are open to the Data Sense instance.

  4. Ensure NFS volume export policies include the IP address of the Data Sense instance so it can access the data on each volume.

Enabling and disabling compliance scans on volumes

You can stop or start mapping scans, or mapping and classification scans, in a working environment at any time from the Configuration page. We recommend that you scan all volumes.

A screenshot of the Configuration page where you can enable or disable scanning of individual volumes.

To: Do this:

Enable mapping-only scans on a volume

Click Map

Enable full scanning on a volume

Click Map & Classify

Enable full scanning on all volumes

Move the Map & Classify All slider to the right

Disable scanning on a volume

Click Off

Disable scanning on all volumes

Move the Map & Classify All slider to the left

Note New volumes added to the working environment are automatically scanned only when the Activate Compliance for all Volumes setting is enabled. When this setting is disabled, you’ll need to activate scanning on each new volume you create in the working environment.