- ONTAP docs
- Release notes
-
Introduction and concepts
-
ONTAP concepts
- ONTAP platforms
- ONTAP user interfaces
- Cluster storage
- High-availability pairs
- AutoSupport and Active IQ Digital Advisor
- Network architecture
- Client protocols
- Disks and aggregates
- Volumes, qtrees, files, and LUNs
- Storage virtualization
- Path failover
- Load balancing
- Replication
- Storage efficiency
- Security
- ONTAP and VMware vSphere
- Application aware data management
- FabricPool
- System Manager integration with BlueXP
-
ONTAP concepts
-
Set up, upgrade and revert ONTAP
-
Set up ONTAP
- Get started
- Set up a cluster with System Manager
-
Set up a cluster with the CLI
- Create the cluster on the first node
- Join remaining nodes to the cluster
- Convert management LIFs from IPv4 to IPv6
- Check your cluster with Active IQ Config Advisor
- Synchronize the system time across the cluster
- Commands for managing symmetric authentication on NTP servers
- Additional system configuration tasks to complete
- Configure All-Flash SAN Array software
-
Upgrade ONTAP
- Overview
- When to upgrade ONTAP
- Execute automated pre-upgrade checks before a planned upgrade
-
Prepare for an ONTAP upgrade
- Determine how long an upgrade will take
- Prepare to upgrade with Upgrade Advisor
-
Prepare to upgrade without Upgrade Advisor
- Preparation summary
- Choose your target ONTAP release
- Confirm configuration support
- Identify common configuration errors
- Upgrade paths
- Verify LIF failover configuration
- Verify SVM routing configuration
- Special considerations
- Reboot SP or BMC
- Download the ONTAP software image
- ONTAP upgrade methods
- What to do after an ONTAP upgrade
- Firmware and system updates
-
Revert ONTAP
- Overview
- Do I need technical support?
- What are the revert paths?
- What should I read before I revert?
- What should I verify before I revert?
- What else should I check before I revert?
- How do I get and install the revert software image?
- Revert my cluster
-
What should I do after reverting my cluster?
- Verify cluster and storage health
- Enable automatic switchover for MetroCluster configurations
- Enable and revert LIFs to home ports
- Enable Snapshot copy policies
- Verify client access (SMB and NFS)
- Verify IPv6 firewall entries
- Revert password hash function
- Maually update SP firmware
- Verify user accounts that can access the Service Processor
-
Set up ONTAP
-
Cluster administration
-
Cluster management with System Manager
- Administration overview
- Use System Manager to access a Cluster
- Enable new features
- Download a cluster configuration
- Assign tags to a cluster
- View and submit support cases
- Manage maximum capacity limit of a storage VM
- Monitor capacity with System Manager
- View hardware configurations and determine problems
- Manage nodes
- License management
-
Cluster management with the CLI
- Overview
- Cluster and SVM administrators
- Access the cluster by using the CLI (cluster administrators only)
-
Use the ONTAP command-line interface
- Overview
- Different shells for CLI commands (cluster administrators only)
- Methods of navigating CLI command directories
- Rules for specifying values in the CLI
- Methods of viewing command history and reissuing commands
- Keyboard shortcuts for editing CLI commands
- Use of administrative privilege levels
- Set the privilege level in the CLI
- Set display preferences in the CLI
- Methods of using query operators
- Methods of using extended queries
- Methods of customizing show command output by using fields
- About positional parameters
- Methods of accessing ONTAP man pages
- Manage CLI sessions (cluster administrators only)
- Cluster management (cluster administrators only)
-
Manage nodes
- Add nodes to the cluster
- Remove nodes from the cluster
- Access a node’s log, core dump, and MIB files by using a web browser
- Access the system console of a node
- Manage node root volumes and root aggregates
- Start or stop a node
- Manage a node by using the boot menu
- Display node attributes
- Modify node attributes
- Rename a node
- Manage single-node clusters
- Configure the SP/BMC network
-
Manage nodes remotely using the SP/BMC
- Overview
- About the Service Processor (SP)
- About the Baseboard Management Controller (BMC)
- Methods of managing SP/BMC firmware updates
- When the SP/BMC uses the network interface for firmware updates
- Accounts that can access the SP
- Access the SP/BMC from an administration host
- Access the SP/BMC from the system console
- Relationship among the SP CLI, SP console, and system console sessions
- Manage the IP addresses that can access the SP
- Use online help at the SP/BMC CLI
- Commands to manage a node remotely
- About the threshold-based SP sensor readings and status values of the system sensors command output
- About the discrete SP sensor status values of the system sensors command output
- Commands for managing the SP from ONTAP
- ONTAP commands for BMC management
- BMC CLI commands
- Manage the cluster time (cluster administrators only)
- Manage the banner and MOTD
- Manage jobs and schedules
-
Back up and restore cluster configurations (cluster administrators only)
- What configuration backup files are
- How the node and cluster configurations are backed up automatically
- Commands for managing configuration backup schedules
- Commands for managing configuration backup files
- Find a configuration backup file to use for recovering a node
- Restore the node configuration using a configuration backup file
- Find a configuration to use for recovering a cluster
- Restore a cluster configuration from an existing configuration
- Synchronize a node with the cluster
- Manage core dumps (cluster administrators only)
-
Disk and tier (aggregate) management
- Overview
-
Manage local tiers (aggregates)
- Overview
- Add (create) a local tier (aggregate)
-
Manage the use of local tiers (aggregates)
- Overview
- Rename a local tier (aggregate)
- Set media cost of a local tier (aggregate)
- Manually Fast zero drives
- Manually assign disk ownership
- Determine drive and RAID group information for a local tier (aggregate)
- Assign local tiers (aggregates) to storage VMs (SVMs)
- Determine which volumes reside on a local tier (aggregate)
- Determine and control a volume’s space usage in a local tier (aggregate)
- Determine space usage in a local tier (aggregate)
- Relocate local tier (aggregate) ownership within an HA pair
- Delete a local tier (aggregate)
- Commands for relocating local tiers (aggregates)
- Commands for managing local tiers (aggregates)
- Add capacity (disks) to a local tier (aggregate)
-
Manage disks
- Overview
- How hot spare disks work
- How low spare warnings can help you manage your spare disks
- Additional root-data partitioning management options
- When you need to update the Disk Qualification Package
-
Disk and partition ownership
- Overview
- About auto-assignment of disk ownership
- Display disk and partition ownership
- Change auto-assignment settings for disk ownership
- Manually assign ownership of unpartitioned disks
- Manually assign ownership of partitioned disks
- Set up an active-passive configuration on nodes using root-data partitioning
- Set up an active-passive configuration on nodes using root-data-data partitioning
- Remove ownership from a disk
- Remove a failed disk
- Disk sanitization
- Commands for managing disks
- Commands for displaying space usage information
- Commands for displaying information about storage shelves
- Manage RAID configurations
-
Manage Flash Pool local tiers (aggregates)
- Overview
- Flash Pool local tier (aggregate) caching policies
- Manage Flash Pool caching policies
- Flash Pool SSD partitioning for Flash Pool local tiers (aggregates) using storage pools
- Flash Pool candidacy and optimal cache size
- Create a Flash Pool local tier (aggregate) using physical SSDs
-
Create a Flash Pool local tier (aggregate) using SSD storage pools
- Overview
- Determine whether a Flash Pool local tier (aggregate) is using an SSD storage pool
- Add cache by adding an SSD storage pool
- Create a Flash Pool using SSD storage pool allocation units
- Determine the impact to cache size of adding SSDs to an SSD storage pool
- Add SSDs to an SSD storage pool
- Commands for managing SSD storage pools
-
FabricPool tier management
- Overview
- Benefits of storage tiers by using FabricPool
- Considerations and requirements for using FabricPool
- About FabricPool tiering policies
- FabricPool management workflow
-
Configure FabricPool
-
Prepare for FabricPool configuration
- Overview
- Install a FabricPool license
- Install a CA certificate if you use StorageGRID
- Install a CA certificate if you use ONTAP S3
-
Set up an object store as the cloud tier for FabricPool
- Overview
- Set up StorageGRID as the cloud tier
- Set up ONTAP S3 as the cloud tier
- Set up Alibaba Cloud Object Storage as the cloud tier
- Set up Amazon S3 as the cloud tier
- Set up Google Cloud Storage as the cloud tier
- Set up IBM Cloud Object Storage as the cloud tier
- Set up Azure Blob Storage for the cloud as the cloud tier
- Set up object stores for FabricPool in a MetroCluster configuration
- Test object store throughput performance before attaching to a local tier
- Attach the cloud tier to an aggregate
- Tier data to local bucket
-
Prepare for FabricPool configuration
-
Manage FabricPool
- Overview
- Determine how much data in a volume is inactive by using inactive data reporting
- Manage volumes for FabricPool
- Object tagging using user-created custom tags
- Monitor the space utilization for FabricPool
- Manage storage tiering by modifying a volume’s tiering policy or tiering minimum cooling period
- Archive volumes with FabricPool (video)
- Use cloud migration controls to override a volume’s default tiering policy
- Promote data to the performance tier
- Manage FabricPool mirrors
- Commands for managing aggregates with FabricPool
- SVM data mobility
-
HA pair management
- Overview
- How hardware-assisted takeover works
- How automatic takeover and giveback works
- Automatic takeover commands
- Automatic giveback commands
- Manual takeover commands
- Manual giveback commands
- Testing takeover and giveback
- Commands for monitoring an HA pair
- Commands for enabling and disabling storage failover
- Halt or reboot a node without initiating takeover
- Rest API management with System Manager
-
Cluster management with System Manager
-
Volume administration
-
Volume and LUN management with System Manager
- Overview
- Manage volumes
- Manage LUNs
- Expand volumes and LUNs
- Save storage space
- Balance load by moving LUNs
- Balance loads by moving volumes to another tier
- Use Ansible Playbooks to add or edit volumes or LUNs
- Manage storage efficiency policies
- Manage resources using quotas
- Limit resource use
- Clone data with FlexClone
- Search, filter, and sort
- Capacity measurements
-
Logical storage management with the CLI
- Overview
-
Create and manage volumes
- Create a volume
- Enable large volume and large file support
-
SAN volumes
- Overview of SAN volume provisioning
- Configure volume provisioning options
- Determine space usage in a volume or aggregate
- Delete Snapshot copies automatically
- Configure volumes to automatically provide more space when they are full
- Configure volumes to automatically grow and shrink their size
- Requirements for enabling both autoshrink and automatic Snapshot copy deletion
- Autoshrink functionality and snapshot copy deletion
- Address FlexVol volume fullness and overallocation alerts
- Address aggregate fullness and overallocation alerts
- Considerations when setting fractional reserve
- Determine file and inode usage for a volume
- Control and monitor FlexVol volume I/O performance with Storage QoS
- Delete a FlexVol volume
- Protection against accidental volume deletion
- Commands for managing FlexVol volumes
- Commands for displaying space usage information
- Move and copy volumes
- Use FlexClone volumes to create efficient copies of your FlexVol volumes
-
Use FlexClone files and FlexClone LUNs to create efficient copies of files and LUNs
- Overview
- Create a FlexClone file or FlexClone LUN
- View node capacity for creating and deleting FlexClone files and FlexClone LUNs
- View the space savings due to FlexClone files and FlexClone LUNs
- Methods to delete FlexClone files and FlexClone LUNs
- How a FlexVol volume can reclaim free space with autodelete setting
- Use qtrees to partition your FlexVol volumes
- Logical space reporting and enforcement for volumes
-
Use quotas to restrict or track resource usage
-
Overview of the quota process
- Understand quotas, quota rules, and quota policies
- Benefits of using quotas
- Quota process
- Differences among hard, soft, and threshold quotas
- About quota notifications
- Quota targets and types
- Special kinds of quotas
- How quotas are applied
- Considerations for assigning quota policies
-
How quotas work with users and groups
- Overview
- Specify UNIX users for quotas
- Specify Windows users for quotas
- How default user and group quotas create derived quotas
- How quotas are applied to the root user
- How quotas work with special Windows groups
- How quotas are applied to users with multiple IDs
- How ONTAP determines user IDs in a mixed environment
- How quotas work with multiple users
- UNIX and Windows name linking for quotas
- How tree quotas work
- How qtree changes affect quotas
- How quotas are activated
-
How you can view quota information
- Overview
- See what quotas are in effect using the quota report
- Why enforced quotas differ from configured quotas
- Use the quota report to determine which quotas limit writes to a specific file
- Commands for displaying information about quotas
- When to use the volume quota policy rule show and volume quota report commands
- Difference in space usage displayed by a quota report and a UNIX client
- Examples of quota configuration
- Set up quotas on an SVM
- Modify (or Resizing) quota limits
- Reinitialize quotas after making extensive changes
- Commands to manage quota rules and quota policies
- Commands to activate and modify quotas
-
Overview of the quota process
-
Use deduplication, data compression, and data compaction to increase storage efficiency
- Overview
- Enable deduplication on a volume
- Disable deduplication on a volume
- Automatic volume-level background deduplication on AFF systems
- Manage aggregate-level inline deduplication on AFF systems
- Manage aggregate-level background deduplication on AFF systems
- Temperature-sensitive storage efficiency overview
- Storage efficiency behavior with volume move and SnapMirror
- Set storage efficiency modes
- Change volume inactive data compression threshold
- Check volume efficiency mode
- Change volume efficiency mode
- View volume footprint savings with or without temperature-sensitive storage efficiency
- Enable data compression on a volume
- Move between secondary compression and adaptive compression
- Disable data compression on a volume
- Manage inline data compaction for AFF systems
- Enable inline data compaction for FAS systems
- Inline storage efficiency enabled by default on AFF systems
- Enable storage efficiency visualization
- Create a volume efficiency policy to run efficiency operations
- Manage volume efficiency operations manually
- Manage volume efficiency operations using schedules
- Monitor volume efficiency operations
- Stop volume efficiency operations
- Additional information about removing space savings from a volume
- Rehost a volume from one SVM to another SVM
-
Recommended volume and file or LUN configuration combinations
- Overview
- Determine the correct volume and LUN configuration combination for your environment
- Configuration settings for space-reserved files or LUNs with thick-provisioned volumes
- Settings for non-space-reserved files or LUNs with thin-provisioned volumes
- Configuration settings for space-reserved files or LUNs with semi-thick volume provisioning
- Cautions and considerations for changing file or directory capacity
-
Features supported by FlexClone files and FlexClone LUNs
- Overview
- Deduplication with FlexClone files and FlexClone LUNs
- How Snapshot copies work with FlexClone files and FlexClone LUNs
- Inheritance of access control lists by FlexClone files and FlexClone LUNs
- How quotas work with FlexClone files and FlexClone LUNs
- FlexClone volumes and associated FlexClone files and FlexClone LUNs
- NDMP and FlexClone files and LUNs
- How volume SnapMirror works with FlexClone files and FlexClone LUNs
- How space reservation works with FlexClone files and FlexClone LUNs
- How an HA configuration works with FlexClone files and FlexClone LUNs
- Provision NAS storage for large file systems using FlexGroup volumes
-
FlexGroup volumes management with the CLI
- Overview
- What a FlexGroup volume is
- Supported and unsupported configurations for FlexGroup volumes
- FlexGroup volume setup
-
Manage FlexGroup volumes
- Monitor the space usage of a FlexGroup volume
- Increase the size of a FlexGroup volume
- Reduce the size of a FlexGroup volume
- Configure FlexGroup volumes to automatically grow and shrink their size
- Delete directories rapidly on a cluster
- Manage client rights to delete directories rapidly
- Create qtrees with FlexGroup volumes
- Use quotas for FlexGroup volumes
- Enable storage efficiency on a FlexGroup volume
- Protect FlexGroup volumes using Snapshot copies
- Move the constituents of a FlexGroup volume
- Use aggregates in FabricPool for existing FlexGroup volumes
- Rebalance FlexGroup volumes
-
Data protection for FlexGroup volumes
- Workflow
- Create a SnapMirror relationship for FlexGroup volumes
- Create a SnapVault relationship for FlexGroup volumes
- Create a unified data protection relationship for FlexGroup volumes
- Create an SVM disaster recovery relationship for FlexGroup volumes
- Transition an existing FlexGroup SnapMirror relationship to SVM DR
- Convert a FlexVol volume to a FlexGroup volume within an SVM-DR relationship
- Considerations for creating SnapMirror cascade and fanout relationships for FlexGroups
- Considerations for creating a SnapVault backup relationship and a unified data protection relationship for FlexGroup volumes
- Monitor SnapMirror data transfers for FlexGroup volumes
- Manage data protection operations for FlexGroup volumes
- Convert FlexVol volumes to FlexGroup volumes
- FlexCache volumes management
-
Volume and LUN management with System Manager
-
Network management
- Get started
- NAS path failover workflow (ONTAP 9.8 and later)
- NAS path failover workflow (ONTAP 9.7 and earlier)
-
Network ports
- Overview
-
Configure network ports
- Combine physical ports to create interface groups
- Configure VLANs over physical ports
- Modify network port attributes
- Convert 40GbE NIC ports into multiple 10GbE ports for 10GbE connectivity
- Removing a NIC from the node (ONTAP 9.8 or later)
- Removing a NIC from the node (ONTAP 9.7 or earlier)
- Monitor network ports
- IPspaces
-
Broadcast domains
-
Broadcast domain (ONTAP 9.8 and later)
- Overview (ONTAP 9.8 and later)
- Create broadcast domains (ONTAP 9.8 and later)
- Add or remove ports (ONTAP 9.8 and later)
- Repair port reachability (ONTAP 9.8 and later)
- Move broadcast domains into IPspaces (ONTAP 9.8 and later)
- Split broadcast domains (ONTAP 9.8 and later)
- Merge broadcast domains (ONTAP 9.8 and later)
- Change the MTU value for ports in a broadcast domain (ONTAP 9.8 and later)
- Display broadcast domains (ONTAP 9.8 and later)
- Delete a broadcast domain
-
Broadcast domain (ONTAP 9.7 and earlier)
- Overview (ONTAP 9.7 and earlier)
- Determine ports (ONTAP 9.7 and earlier)
- Create broadcast domains (ONTAP 9.7 and earlier)
- Add or remove ports from a broadcast domain (ONTAP 9.7 and earlier)
- Split broadcast domains (ONTAP 9.7 and earlier)
- Merge broadcast domains (ONTAP 9.7 and earlier)
- Change the MTU value for ports in a broadcast domain (ONTAP 9.7 and earlier)
- Display broadcast domains
- Delete a broadcast domain
-
Broadcast domain (ONTAP 9.8 and later)
- Failover groups and policies
- Subnets (cluster administrators only)
- SVMs
- Logical interfaces (LIFs)
- Balance network loads
- Host name resolution
- Secure your network
- QoS marking (cluster administrators only)
- Manage SNMP (cluster administrators only)
- Manage routing in an SVM
-
View network information
- Overview
- Display network port information (cluster administrators only)
- Display information about a VLAN (cluster administrators only)
- Display interface group information (cluster administrators only)
- Display LIF information
- Display routing information
- Display DNS host table entries (cluster administrators only)
- Display DNS domain configurations
- Display information about failover groups
- Display LIF failover targets
- Display LIFs in a load balancing zone
- Display cluster connections
- Commands for diagnosing network problems
- Display network connectivity with neighbor discovery protocols
-
NAS storage management
-
Manage NAS protocols with System Manager
- NAS storage overview
- VMware datastores
- Home directories
- Linux servers
- Export policies
- Windows servers
- Both Windows and Linux
- Secure client access with Kerberos
- Enable or disable secure NFS client access with TLS
- Provide client access with name services
- Manage directories and files
- Manage host-specific users and groups
- Monitor NFS active clients
- Enable NAS storage
-
Configure NFS with the CLI
- Overview
- Workflow
- Preparation
-
Configure NFS access to an SVM
- Create an SVM
- Verify that the NFS protocol is enabled on the SVM
- Open the export policy of the SVM root volume
- Create an NFS server
- Create a LIF
- Enable DNS for host-name resolution
- Configure name services
- Use Kerberos with NFS for strong security
- Use TLS with NFS for strong security
- Add storage capacity to an NFS-enabled SVM
- Where to find additional information
- How ONTAP exports differ from 7-Mode exports
-
Manage NFS with the CLI
- Overview
- Understand NAS file access
- Create and manage data volumes in NAS namespaces
- Configure security styles
-
Set up file access using NFS
- Overview
-
Secure NFS access using export policies
- How export policies control client access to volumes or qtrees
- Default export policy for SVMs
- How export rules work
- Manage clients with an unlisted security type
- How security types determine client access levels
- Manage superuser access requests
- How ONTAP uses export policy caches
- How the access cache works
- How access cache parameters work
- Removing an export policy from a qtree
- Validating qtree IDs for qtree file operations
- Export policy restrictions and nested junctions for FlexVol volumes
- Using Kerberos with NFS for strong security
- Using TLS with NFS for strong security
- Configure name services
- Configure name mappings
- Enable access for Windows NFS clients
- Enable the display of NFS exports on NFS clients
-
Manage file access using NFS
- Enable or disable NFSv3
- Enable or disable NFSv4.0
- Enable or disable NFSv4.1
- Manage NFSv4 storepool limits
- Enable or disable pNFS
- Controlling NFS access over TCP and UDP
- Controlling NFS requests from nonreserved ports
- Handling NFS access to NTFS volumes or qtrees for unknown UNIX users
- Considerations for clients that mount NFS exports using a nonreserved port
- Performing stricter access checking for netgroups by verifying domains
- Modifying ports used for NFSv3 services
- Commands for managing NFS servers
- Troubleshooting name service issues
- Verifying name service connections
- Commands for managing name service switch entries
- Commands for managing name service cache
- Commands for managing name mappings
- Commands for managing local UNIX users
- Commands for managing local UNIX groups
- Limits for local UNIX users, groups, and group members
- Manage limits for local UNIX users and groups
- Commands for managing local netgroups
- Commands for managing NIS domain configurations
- Commands for managing LDAP client configurations
- Commands for managing LDAP configurations
- Commands for managing LDAP client schema templates
- Commands for managing NFS Kerberos interface configurations
- Commands for managing NFS Kerberos realm configurations
- Commands for managing export policies
- Commands for managing export rules
- Configure the NFS credential cache
- Manage export policy caches
- Manage file locks
- How FPolicy first-read and first-write filters work with NFS
- Modifying the NFSv4.1 server implementation ID
- Manage NFSv4 ACLs
- Manage NFSv4 file delegations
- Configure NFSv4 file and record locking
- How NFSv4 referrals work
- Enable or disable NFSv4 referrals
- Displaying NFS statistics
- Displaying DNS statistics
- Displaying NIS statistics
- Support for VMware vStorage over NFS
- Enable or disable VMware vStorage over NFS
- Enable or disable rquota support
- NFSv3 and NFSv4 performance improvement by modifying the TCP transfer size
- Modifying the NFSv3 and NFSv4 TCP maximum transfer size
- Configure the number of group IDs allowed for NFS users
- Controlling root user access to NTFS security-style data
- Supported NFS versions and clients
-
NFS and SMB file and directory naming dependencies
- Overview
- Characters a file or directory name can use
- Case-sensitivity of file and directory names in a multiprotocol environment
- How ONTAP creates file and directory names
- How ONTAP handles multi-byte file, directory, and qtree names
- Configure character mapping for SMB file name translation on volumes
- Commands for managing character mappings for SMB file name translation
- Manage NFS trunking
- Manage NFS over RDMA
-
Configure SMB with the CLI
- Overview
- Workflow
- Preparation
-
Configure SMB access to an SVM
- Overview
- Create an SVM
- Verify that the SMB protocol is enabled on the SVM
- Open the export policy of the SVM root volume
- Create a LIF
- Enable DNS for host-name resolution
- Set up an SMB server in an Active Directory domain
- Set up an SMB server in a workgroup
- Verify enabled SMB versions
- Map the SMB server on the DNS server
- Configure SMB client access to shared storage
-
Manage SMB with the CLI
- Overview
- SMB server support
-
Manage SMB servers
- Modify SMB servers
- Use options to customize SMB servers
-
Manage SMB server security settings
- How ONTAP handles SMB client authentication
- Guidelines for SMB server security settings in an SVM disaster recovery configuration
- Display information about CIFS server security settings
- Enable or disable required password complexity for local SMB users
- Modify the CIFS server Kerberos security settings
- Set the CIFS server minimum authentication security level
- Configure strong security for Kerberos-based communication by using AES encryption
- Enable or disable AES encryption for Kerberos-based communication
-
Use SMB signing to enhance network security
- Overview
- How SMB signing policies affect communication with a CIFS server
- Performance impact of SMB signing
- Recommendations for configuring SMB signing
- Guidelines for SMB signing when multiple data LIFS are configured
- Enable or disable required SMB signing for incoming SMB traffic
- Determining whether SMB sessions are signed
- Monitor SMB signed session statistics
- Configure required SMB encryption on SMB servers for data transfers over SMB
- Secure LDAP session communication
- Configure SMB Multichannel for performance and redundancy
- Configure default Windows user to UNIX user mappings on the SMB server
- Display information about what types of users are connected over SMB sessions
- Command options to limit excessive Windows client resource consumption
- Improve client performance with traditional and lease oplocks
-
Apply Group Policy Objects to SMB servers
- Overview
- Supported GPOs
- Requirements for using GPOs with your CIFS server
- Enable or disable GPO support on a SMB server
- How GPOs are updated on the SMB server
- Manually updating GPO settings on the CIFS server
- Display information about GPO configurations
- Display detailed information about restricted group GPOs
- Display information about central access policies
- Display information about central access policy rules
- Commands for managing CIFS servers computer account passwords
- Manage domain controller connections
- Use null sessions to access storage in non-Kerberos environments
- Manage NetBIOS aliases for SMB servers
- Manage miscellaneous SMB server tasks
- Use IPv6 for SMB access and SMB services
-
Set up file access using SMB
- Configure security styles
- Create and manage data volumes in NAS namespaces
- Configure name mappings
- Configure multidomain name-mapping searches
-
Create and configure SMB shares
- Overview
- What the default administrative shares are
- SMB share naming requirements
- Directory case-sensitivity requirements when creating shares in a multiprotocol environment
- Use SMB share properties
- Optimize SMB user access with the force-group share setting
- Create an SMB share with the force-group share setting
- View information about SMB shares using the MMC
- Commands for managing SMB shares
- Secure file access by using SMB share ACLs
- Secure file access by using file permissions
-
Secure file access by using Dynamic Access Control (DAC)
- Overview
- Supported Dynamic Access Control functionality
- Considerations when using Dynamic Access Control and central access policies with CIFS servers
- Enable or disable Dynamic Access Control
- Manage ACLs that contain Dynamic Access Control ACEs when Dynamic Access Control is disabled
- Configure central access policies to secure data on CIFS servers
- Display information about Dynamic Access Control security
- Revert considerations for Dynamic Access Control
- Where to find additional information about configuring and using Dynamic Access Control and central access policies
- Secure SMB access using export policies
- Secure file access by using Storage-Level Access Guard
-
Manage file access using SMB
-
Use local users and groups for authentication and authorization
-
How ONTAP uses local users and groups
- Local users and groups concepts
- Reasons for creating local users and local groups
- How local user authentication works
- How user access tokens are constructed
- Guidelines for using SnapMirror on SVMs that contain local groups
- What happens to local users and groups when deleting CIFS servers
- How you can use Microsoft Management Console with local users and groups
- Guidelines for reverting
- What local privileges are
- Guidelines for using BUILTIN groups and the local administrator account
- Requirements for local user passwords
- Predefined BUILTIN groups and default privileges
- Enable or disable local users and groups functionality
- Manage local user accounts
- Manage local groups
- Manage local privileges
-
How ONTAP uses local users and groups
- Configure bypass traverse checking
-
Display information about file security and audit policies
- Overview
- Display information about file security on NTFS security-style volumes
- Display information about file security on mixed security-style volumes
- Display information about file security on UNIX security-style volumes
- Display information about NTFS audit policies on FlexVol volumes using the CLI
- Display information about NFSv4 audit policies on FlexVol volumes using the CLI
- Ways to display information about file security and audit policies
-
Manage NTFS file security, NTFS audit policies, and Storage-Level Access Guard on SVMs using the CLI
- Overview
- Use cases for using the CLI to set file and folder security
- Limits when using the CLI to set file and folder security
- How security descriptors are used to apply file and folder security
- Guidelines for applying file-directory policies that use local users or groups on the SVM disaster recovery destination
- Configure and apply file security on NTFS files and folders using the CLI
- Configure and apply audit policies to NTFS files and folders using the CLI
- Considerations when managing security policy jobs
- Commands for managing NTFS security descriptors
- Commands for managing NTFS DACL access control entries
- Commands for managing NTFS SACL access control entries
- Commands for managing security policies
- Commands for managing security policy tasks
- Commands for managing security policy jobs
- Configure the metadata cache for SMB shares
- Manage file locks
- Monitor SMB activity
-
Use local users and groups for authentication and authorization
-
Deploy SMB client-based services
- Use offline files to allow caching of files for offline use
- Use roaming profiles to store user profiles centrally on a SMB server associated with the SVM
- Use folder redirection to store data on a SMB server
- Access the ~snapshot directory from Windows clients using SMB 2.x
-
Recover files and folders using Previous Versions
- Overview
- Requirements for using Microsoft Previous Versions
- Use the Previous Versions tab to view and manage Snapshot copy data
- Determine whether Snapshot copies are available for Previous Versions use
- Create a Snapshot configuration to enable Previous Versions access
- Guidelines for restoring directories that contain junctions
-
Deploy SMB server-based services
-
Manage home directories
- How ONTAP enables dynamic home directories
- Home directory shares
- Add a home directory search path
- Create a home directory configuration using the %w and %d variables
- Configure home directories using the %u variable
- Additional home directory configurations
- Commands for managing search paths
- Display information about an SMB user’s home directory path
- Manage accessibility to users' home directories
-
Configure SMB client access to UNIX symbolic links
- How ONTAP enables you to provide SMB client access to UNIX symbolic links
- Limits when configuring UNIX symbolic links for SMB access
- Control automatic DFS advertisements in ONTAP with a CIFS server option
- Configure UNIX symbolic link support on SMB shares
- Create symbolic link mappings for SMB shares
- Commands for managing symbolic link mappings
- Windows backup applications and Unix-style symlinks
-
Use BranchCache to cache SMB share content at a branch office
- Overview
- Requirements and guidelines
- Configure BranchCache
- Configure BranchCache-enabled SMB shares
-
Manage and monitor the BranchCache configuration
- Modify BranchCache configurations
- Display information about BranchCache configurations
- Change the BranchCache server key
- Pre-computing BranchCache hashes on specified paths
- Flush hashes from the SVM BranchCache hash store
- Display BranchCache statistics
- Support for BranchCache Group Policy Objects
- Display information about BranchCache Group Policy Objects
- Disable BranchCache on SMB shares
- Disable or enable BranchCache on the SVM
- Delete the BranchCache configuration on SVMs
- What happens to BranchCache when reverting
- Improve Microsoft remote copy performance
-
Improve client response time by providing SMB automatic node referrals with Auto Location
- Overview
- Requirements and guidelines for using automatic node referrals
- Support for SMB automatic node referrals
- Enable or disable SMB automatic node referrals
- Use statistics to monitor automatic node referral activity
- Monitor client-side SMB automatic node referral information using a Windows client
- Provide folder security on shares with access-based enumeration
-
Manage home directories
-
NFS and SMB file and directory naming dependencies
- Overview
- Characters a file or directory name can use
- Case-sensitivity of file and directory names in a multiprotocol environment
- How ONTAP creates file and directory names
- How ONTAP handles multi-byte file, directory, and qtree names
- Configure character mapping for SMB file name translation on volumes
- Commands for managing character mappings for SMB file name translation
- Provide S3 client access to NAS data
-
SMB configuration for Microsoft Hyper-V and SQL Server
- Overview
- Configure ONTAP for Microsoft Hyper-V and SQL Server over SMB solutions
-
Nondisruptive operations for Hyper-V and SQL Server over SMB
- What are nondisruptive operations?
- Protocols that enable nondisruptive operations over SMB
- Key concepts about nondisruptive operations for Hyper-V and SQL Server over SMB
- How SMB 3.0 functionality supports nondisruptive operations over SMB shares
- What the Witness protocol does to enhance transparent failover
- How the Witness protocol works
- Share-based backups with Remote VSS
- How ODX copy offload is used with Hyper-V and SQL Server over SMB shares
-
Configuration requirements and considerations
- ONTAP and licensing requirements
- Network and data LIF requirements
- SMB server and volume requirements for Hyper-V over SMB
- SMB server and volume requirements for SQL Server over SMB
- Continuously available share requirements and considerations for Hyper-V over SMB
- Continuously available share requirements and considerations for SQL Server over SMB
- Remote VSS considerations for Hyper-V over SMB configurations
- ODX copy offload requirements for SQL Server and Hyper-V over SMB
- Recommendations for SQL Server and Hyper-V over SMB configurations
- Plan the Hyper-V or SQL Server over SMB configuration
-
Create ONTAP configurations for nondisruptive operations with Hyper-V and SQL Server over SMB
- Overview
- Verify that both Kerberos and NTLMv2 authentication are permitted (Hyper-V over SMB shares)
- Verify that domain accounts map to the default UNIX user
- Verify that the security style of the SVM root volume is set to NTFS
- Verify that required CIFS server options are configured
- Configure SMB Multichannel for performance and redundancy
- Create NTFS data volumes
- Create continuously available SMB shares
- Add the SeSecurityPrivilege privilege to the user account (for SQL Server of SMB shares)
- Configure the VSS shadow copy directory depth (for Hyper-V over SMB shares)
- Manage Hyper-V and SQL Server over SMB configurations
- Use statistics to monitor Hyper-V and SQL Server over SMB activity
- Verify that the configuration is capable of nondisruptive operations
-
Manage NAS protocols with System Manager
-
SAN storage management
- SAN concepts
-
SAN administration
- SAN provisioning
- NVMe provisioning
-
Manage LUNs
- Edit LUN QoS Policy
- Convert a LUN into a namespace
- Take a LUN offline
- Resize a LUN
- Move a LUN
- Delete a LUN
- What to know before copying LUNs
- Examine configured and used space of a LUN
- Enable space allocation
- Control and monitor I/O performance to LUNs using Storage QoS
- Tools available to effectively monitor your LUNs
- Capabilities and restrictions of transitioned LUNs
- I/O misalignments on properly aligned LUNs
- Ways to address issues when LUNs go offline
- Troubleshoot iSCSI LUNs not visible on the host
- Manage igroups and portsets
-
Manage iSCSI protocol
- Configure your network for best performance
- Configure an SVM for iSCSI
- Define a security policy method for an initiator
- Delete an iSCSI service for an SVM
- Get more details in iSCSI session error recoveries
- Register the SVM with an iSNS server
- Resolve iSCSI error messages on the storage system
- iSCSI LIF failover for ASA platforms
- Manage FC protocol
- Manage NVMe protocol
-
Manage systems with FC adapters
- Overview
- Commands for managing FC adapters
- Configure FC adapters
- View adapter settings
- Change the UTA2 port from CNA mode to FC mode
- Change the CNA/UTA2 target adapter optical modules
- Supported port configurations for X1143A-R6 adapters
- Configure X1143A-R6 adapter ports
- Prevent loss of connectivity when using the X1133A-R6 adapter
- Manage LIFs for all SAN protocols
-
Recommended volume and file or LUN configuration combinations
- Overview
- Determine the correct volume and LUN configuration combination for your environment
- Calculate rate of data growth for LUNs
- Configuration settings for space-reserved files or LUNs with thick-provisioned volumes
- Configuration settings for non-space-reserved files or LUNs with thin-provisioned volumes
- Configuration settings for space-reserved files or LUNs with semi-thick volume provisioning
-
SAN data protection
- Overview
- Effect of moving or copying a LUN on Snapshot copies
-
Use FlexClone LUNs to protect your data
- Overview
- Reasons for using FlexClone LUNs
- How a FlexVol volume can reclaim free space with autodelete setting
- Configure a FlexVol volume to automatically delete FlexClone files and FlexClone LUNs
- Clone LUNs from an active volume
- Create FlexClone LUNs from a Snapshot copy in a volume
- Prevent automatic deletion of a FlexClone file or FlexClone LUN
- Configure and use SnapVault backups in a SAN environment
- How you can connect a host backup system to the primary storage system
- Back up a LUN through a host backup system
-
SAN configuration reference
- Overview
- iSCSI configurations
-
FC configurations
- Ways to configure FC & FC-NVMe SAN hosts
- FC switch configuration best practices
- Supported number of FC hop counts
- FC target port supported speeds
- FC Target port configuration recommendations
-
Manage systems with FC adapters
- Overview
- Commands for managing FC adapters
- Configure FC adapters for initiator mode
- Configure FC adapters for target mode
- Display information about an FC target adapter
- Change the FC adapter speed
- Supported FC ports
- Prevent loss of connectivity when using the X1133A-R6 adapter
- Manage X1143A-R6 adapters
- FCoE configurations
- Fibre Channel and FCoE zoning
- Shared SAN configurations
- SAN configurations in a MetroCluster environment
- Host support for multipathing
- Configuration limits
-
S3 object storage management
- Learn about S3 support in ONTAP 9
- Plan
- Configure
- Protect buckets with S3 SnapMirror
- Audit S3 events
-
Authentication and access control
- Authentication and access control
-
Manage administrator authentication and RBAC
- Overview
- Workflow
- Configuration worksheets
- Create login accounts
- Manage access-control roles
-
Manage administrator accounts
- Overview
- Associate a public key with an administrator account
- Manage SSH public keys and X.509 certificates for an administrator account
- Configure Cisco Duo 2FA for SSH logins
- Generate and install a CA-signed server certificate
- Manage certificates with System Manager
- Configure Active Directory domain controller access
- Configure LDAP or NIS server access
- Change an administrator password
- Lock and unlock an administrator account
- Manage failed login attempts
- Enforce SHA-2 on administrator account passwords
- Diagnose and correct file access issues with System Manager
- Manage multi-admin verification
- Manage dynamic authorization
- Authentication and authorization using OAuth 2.0
- Authentication and authorization using SAML
- Manage web services
- Verify the identity of remote servers using certificates
- Mutually authenticate the cluster and a KMIP server
-
Security and data encryption
- About NetApp ransomware protection
- Autonomous Ransomware Protection
-
Virus protection with Vscan
- Overview
- About NetApp antivirus protection
- Vscan server installation and configuration
- Configure scanner pools
- Configure on-access scanning
- Configure on-demand scanning
- Best practices for configuring off-box antivirus functionality
- Enable virus scanning on an SVM
- Reset the status of scanned files
- View Vscan event log information
- Monitor and troubleshoot connectivity issues
- ONTAP hardening guidelines