Local tiers are lacking space

Remediate risks

One or more local tiers are more than 95% full and quickly growing. Existing workloads might be unable to grow, or in extreme cases, existing workloads might run out of space and fail.

Recommended fix: Perform one of following options.

Applications are lacking space

Needs attention

One or more volumes are more than 95% full, but they do not have autogrow enabled.

Recommended: Enable autogrow up to 150% of current capacity.

Other options:

FlexGroup volume's capacity is imbalanced

Optimize storage

The size of the constituent volumes of one or more FlexGroup volumes has grown unevenly over time, leading to an imbalance in capacity usage. If the constituent volumes become full, write failures could occur.

Recommended: Rebalance the FlexGroup volumes.

Storage VMs are running out of capacity

Optimize storage

One or more storage VMs are near their maximum capacity. You will not babe able to provision more space for new or existing volumes if the storage VMs reach maximum capacity.

Recommended: If possible, increase the maximum capacity limit of the storage VM.

Volumes are still in anti-ransomware learning mode

Needs attention

One or more volumes have been in the anti-ransomware learning mode for 90 days.

Recommended: Enable the anti-ransomware active mode for those volumes.

Automatic deletion of Snapshot copies is enabled on volumes

Needs attention

Snapshot auto-deletion is enabled on one or more volumes.

Recommended: Disable the automatic deletion of Snapshot copies. Otherwise, in case of a ransomware attack, data recovery for these volumes might not be possible.

Volumes don't have Snapshot policies

Needs attention

One or more volumes don't have an adequate Snapshot policy attached to them.

Recommended: Attach a Snapshot policy to volumes that don't have one. Otherwise, in case of a ransomware attack, data recovery for these volumes might not be possible.

Native FPolicy is not configured

Best practice

Native FPolicy is not configured on one or more NAS storage VMs.

Recommended: IMPORTANT: Blocking extensions might lead to unexpected results. Beginning in 9.11.1, you can enable native FPolicy for storage VMs, which blocks over 3000 file extensions known to be used for ransomware attacks. Configure native FPolicy in NAS storage VMs to control the file extensions that are allowed or not allowed to be written on volumes in your environment.

Telnet is enabled

Best practice

Secure Shell (SSH) should be used for secure remote access.

Recommended: Disable Telnet and use SSH for secure remote access.

Too few NTP servers are configured

Best practice

The number of servers configured for NTP is less than 3.

Recommended: Associate at least three NTP servers with the cluster. Otherwise, problems can occur with the synchronization of the cluster time.

Remote Shell (RSH) is enabled

Best practice

Secure Shell (SSH) should be used for secure remote access.

Recommended: Disable RSH and use SSH for secure remote access.

Login banner isn't configured

Best practice

Login messages are not configured either for the cluster, for the storage VM, or for both.

Recommended: Setup the login banners for the cluster and the storage VM and enable their use.

AutoSupport is using a nonsecure protocol

Best practice

AutoSupport is not configured to communicate via HTTPS.

Recommended: It is strongly recommended to use HTTPS as the default transport protocol to send AutoSupport messages to technical support.

Default admin user is not locked

Best practice

Nobody has logged in using a default administrative account (admin or diag), and these accounts are not locked.

Recommended: Lock default administrative accounts when they are not being used.

Secure Shell (SSH) is using nonsecure ciphers

Best practice

The current configuration uses nonsecure CBC ciphers.

Recommended: You should allow only secure ciphers on your web server to protect secure communication with your visitors. Remove ciphers that have names containing "cbc", such as "ais128-cbc", "aes192-cbc", "aes256-cbc", and "3des-cbc".

Global FIPS 140-2 compliance is disabled

Best practice

Global FIPS 140-2 compliance is disabled on the cluster.

Recommended: For security reasons, you should enable Global FIPS 140-2 compliant cryptography to ensure ONTAP can safely communicate with external clients or server clients.

Volumes aren't being monitored for ransomware attacks

Needs attention

Anti-ransomware is disabled on one or more volumes.

Recommended: Enable anti-ransomware on the volumes. Otherwise, you might not notice when volumes are being threatened or under attack.

Storage VMs aren't configured for anti-ransomware

Best practice

One or more storage VMs aren't configured for anti-ransomware protection.

Recommended: Enable anti-ransomware on the storage VMs. Otherwise, you might not notice when storage VMs are being threatened or under attack.

Cluster isn't configured for notifications

Best practice

Email, webhooks, or an SNMP traphost is not configured to let you receive notifications about problems with the cluster.

Recommended: Configure notifications for the cluster.

Cluster isn't configured for automatic updates.

Best practice

The cluster hasn't been configured to receive automatic updates for the latest disk qualification package, disk firmware, shelf firmware, SP/BMC firmware, or security files when they are available.

Recommended: Enable this feature.

Cluster firmware isn't up-to-date

Best practice

Your system doesn't have the latest update to the firmware which could have improvements, security patches, or new features that help secure the cluster for better performance.

Recommended: Update the ONTAP firmware.