Release notes
Enable ONTAP Autonomous Ransomware Protection by default in new volumes
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.10.1, you can configure storage VMs (SVMs) so that new volumes are enabled by default with Autonomous Ransomware Protection (ARP). You can modify this setting using System Manager or with the CLI.
If you want to configure only individual new or existing volumes without making ARP the default, see this related ARP procedure.
By default, new volumes are created with ARP in disabled mode. ARP will only be enabled by default on new volumes created in the SVM after you have enabled ARP for NAS volumes functionality.
ARP will not be automatically enabled on existing volumes. Setting changes described in this procedure only affect new volumes. Learn how to enable ARP for existing volumes.
-
For ONTAP 9.10.1 to 9.15.1 and ARP with FlexGroup volumes
By default, new volumes enabled with ARP enabled are set to learning mode (or "dry-run") mode in which the system analyzes the workload to characterize normal behavior. Learning mode can be transitioned to active mode manually (all ARP versions) or automatically (beginning in ARP 9.13.1). With ARP 9.13.1 and later, adaptive learning has been added to ARP analytics so that the switch from learning mode to active mode is done automatically. -
For ONTAP 9.16.1 and later with FlexVol volumes
When you enable ARP, ARP/AI protection is enabled and active immediately. No learning period is required.
-
The correct license must be installed for your ONTAP version.
-
The volume must be less than 100% full.
-
Junction paths must be active.
-
Beginning with ONTAP 9.13.1, it's recommended you enable multi-admin verification (MAV) so that two or more authenticated user admins are required for anti-ransomware operations. Learn more.
You can use System Manager or the ONTAP CLI to enable ARP by default on new volumes.
-
Select Storage > Storage VMs then select the storage VM that contains volumes you want to protect with ARP.
-
Navigate to the Settings tab. Under Security, locate the Anti-ransomware tile then select
. -
Check the box to enable ARP for NAS volumes. Check the additional box to enable ARP on all eligible NAS volumes in the storage VM.
For ONTAP 9.16.1, these actions enable ARP/AI protection as the default for new FlexVol volumes and no learning period is required. -
If you have upgraded to ARP 9.13.1 or later, optionally select Switch automatically from learning to active mode after sufficient learning. This allows ARP to determine the optimal learning period interval and automate the switch to active mode.
-
Modify an existing SVM to enable ARP by default in new volumes:
For ONTAP 9.15.1 and earlier and FlexGroup volumes, new volumes begin in learning mode. For ONTAP 9.16.1 and later with FlexVol volumes, ARP/AI is enabled immediately. In either case, use dry-runas the value.vserver modify -vserver <svm_name> -anti-ransomware-default-volume-state dry-runCli -
Create a new SVM with ARP enabled by default for new volumes:
For ONTAP 9.15.1 and earlier and FlexGroup volumes, new volumes begin in learning mode. For ONTAP 9.16.1 and later with FlexVol volumes, ARP/AI is enabled immediately. In either case, use dry-runas the value.vserver create -vserver <svm_name> -anti-ransomware-default-volume-state dry-run <other parameters as needed>Cli -
If you upgraded to ONTAP 9.13.1 through ONTAP 9.15.1 and the default state is
dry-run, adaptive learning is enabled so that the change toactivestate is done automatically. Modify the existing SVM if you do not want this behavior to be automatically enabled:vserver modify <svm_name> -anti-ransomware-auto-switch-from-learning-to-enabled falseCli -
Verify that ARP-enabled volumes show
enabledstate.security anti-ransomware volume showCli
