ONTAP docs
Release notes
Release highlights
What's new in ONTAP 9.16.1
What's new in ONTAP 9.15.1
What's new in ONTAP 9.14.1
What's new in ONTAP 9.13.1
What's new in ONTAP 9.12.1
What's new in ONTAP 9.11.1
What's new in ONTAP 9.10.1
What's new in ONTAP 9.9.1
Changes to ONTAP defaults and limits
Release support
Introduction and concepts
ONTAP concepts
ONTAP platforms
ONTAP user interfaces
Cluster storage
High-availability pairs
AutoSupport and Digital Advisor
Network architecture
Overview
Logical ports
Support for industry-standard network technologies
RDMA
Client protocols
Disks and aggregates
Overview
Aggregates and RAID groups
Mirrored and unmirrored local tiers (aggregates)
Root-data partitioning
Volumes, qtrees, files, and LUNs
Storage virtualization
Overview
SVM use cases
Cluster and SVM administration
Namespaces and junction points
Path failover
Overview
NAS path failover
SAN path failover
Load balancing
Replication
Snapshot copies
SnapMirror disaster recovery and data transfer
SnapMirror Cloud backups to object Storage
SnapVault archiving
Cloud backup and support for traditional backups
MetroCluster continuous availability
Storage efficiency
Overview
Thin provisioning
Deduplication
Compression
FlexClone volumes, files, and LUNs
Capacity measurements in System Manager
Temperature sensitive storage
CPU or offload processor storage efficiency
Security
Client authentication and authorization
Administrator authentication and RBAC
Virus scanning
Encryption
WORM storage
ONTAP and VMware vSphere
Application aware data management
FabricPool
System Manager integration with BlueXP
Set up, upgrade and revert ONTAP
Set up ONTAP
Get started
Set up a cluster with System Manager
Set up a cluster with the CLI
Create the cluster on the first node
Join remaining nodes to the cluster
Convert management LIFs from IPv4 to IPv6
Check your cluster with Active IQ Config Advisor
Synchronize the system time across the cluster
Commands for managing symmetric authentication on NTP servers
Additional system configuration tasks to complete
Configure All-Flash SAN Array software
Overview
ASA configuration support and limitations
Upgrade ONTAP
Overview
When to upgrade ONTAP
Execute automated pre-upgrade checks before a planned upgrade
Prepare for an ONTAP upgrade
Determine how long an upgrade will take
Prepare to upgrade with Upgrade Advisor
Prepare to upgrade without Upgrade Advisor
Preparation summary
Choose your target ONTAP release
Confirm configuration support
Identify common configuration errors
Upgrade paths
Verify LIF failover configuration
Verify SVM routing configuration
Special considerations
Summary of special considerations
Mixed version clusters
MetroCluster upgrade requirements
SAN configurations
SnapMirror
Verify compatibility of ONTAP versions
DP-type relationships
Disable long-term retention snapshots
Verify licensing for SnapMirror S3 configurations
NetApp Storage Encryption
Netgroups
Assign an explicit value to the v4.2-xattrs option
LDAP clients using SSLv3
Session-oriented protocols
SSH public keys
Respond to ARP security warnings
Reboot SP or BMC
Download the ONTAP software image
ONTAP upgrade methods
Overview of upgrade methods
Automated upgrade
Manual upgrades
Install software package
Manual nondisruptive standard configuration
Manual nondisruptive MetroCluster (4 or 8 node)
Manual nondisruptive MetroCluster (2-node)
Manual disruptive
What to do after an ONTAP upgrade
Summary of post-upgrade verifications
Verify the cluster
Verify all LIFs are on home ports
Special configurations
Summary of post-upgrade special configurations
Network configuration
EMS LIF service
Networking and storage status
SAN configuration
KMIP server connections
Load-sharing mirror source volumes
User accounts that can access the Service Processor
Update the DQP
Firmware, system, and security updates
Overview
How automatic updates are scheduled for installation
Enable automatic updates
Modify automatic updates
Manage recommended automatic updates
Update firmware manually
Revert ONTAP
Do I need technical support?
ONTAP revert paths
Revert issues and limitations
Prepare for an ONTAP revert
Resources to review before a revert
System verifications
Perform ONTAP version specific pre-revert checks
Summary of pre-revert checks
Any ONTAP 9 version
SMB sessions
SnapMirror/SnapVault relationships
Deduplicated volumes
Snapshots
SnapLock
Automatic unplanned switchover for MetroCluster configurations
ONTAP 9.16.1
NVMe TLS configuration
Extended qtree performance monitoring
S3 CORS configuration
ONTAP 9.14.1
NFS trunking
ONTAP 9.12.1
S3 NAS buckets
NVMe in-band authentication
IPsec for MetroCluster configurations
ONTAP 9.11.1
Anti-ransomware licensing
ONTAP 9.6
SnapMirror Synchronous relationships
Download and install the revert software image
Revert a cluster
What to do after an ONTAP revert
Verify cluster and storage health
Enable automatic switchover for MetroCluster configurations
Enable and revert LIFs to home ports
Enable Snapshot copy policies
Verify IPv6 firewall entries
Verify user accounts that can access the Service Processor
Cluster administration
Cluster management with System Manager
Administration overview
Use System Manager to access a Cluster
Enable new features
Download a cluster configuration
Assign tags to a cluster
View and submit support cases
Manage maximum capacity limit of a storage VM
Monitor capacity with System Manager
View hardware configurations and determine problems
Manage nodes
License management
Overview
Download NetApp License Files (NLFs)
Install ONTAP licenses
Manage ONTAP licenses
License types and licensed method
Commands for managing licenses
Cluster management with the CLI
Overview
Cluster and SVM administrators
Roles
Manage access to System Manager
What the cluster management server is
Types of SVMs
Access the cluster by using the CLI (cluster administrators only)
Access the cluster by using the serial port
Access the cluster using SSH
SSH login security
Enable Telnet or RSH access to the cluster
Access the cluster using Telnet
Access the cluster using RSH
Use the ONTAP command-line interface
Overview
Different shells for CLI commands (cluster administrators only)
Methods of navigating CLI command directories
Rules for specifying values in the CLI
Methods of viewing command history and reissuing commands
Keyboard shortcuts for editing CLI commands
Use of administrative privilege levels
Set the privilege level in the CLI
Set display preferences in the CLI
Methods of using query operators
Methods of using extended queries
Methods of customizing show command output by using fields
About positional parameters
Methods of accessing ONTAP man pages
Manage CLI sessions (cluster administrators only)
Cluster management (cluster administrators only)
Display information about the nodes in a cluster
Display cluster attributes
Modify cluster attributes
Display the status of cluster replication rings
About quorum and epsilon
What system volumes are
Manage nodes
Add nodes to the cluster
Remove nodes from the cluster
Access a node’s log, core dump, and MIB files by using a web browser
Access the system console of a node
Manage node root volumes and root aggregates
Start or stop a node
Manage a node by using the boot menu
Display node attributes
Modify node attributes
Rename a node
Manage single-node clusters
Configure the SP/BMC network
Isolate management network traffic
Considerations for the SP/BMC network configuration
Enable the SP/BMC automatic network configuration
Configure the SP/BMC network manually
Modify the SP API service configuration
Manage nodes remotely using the SP/BMC
Overview
About the Service Processor (SP)
About the Baseboard Management Controller (BMC)
Methods of managing SP/BMC firmware updates
When the SP/BMC uses the network interface for firmware updates
Accounts that can access the SP
Access the SP/BMC from an administration host
Access the SP/BMC from the system console
Relationship among the SP CLI, SP console, and system console sessions
Manage the IP addresses that can access the SP
Use online help at the SP/BMC CLI
Commands to manage a node remotely
About the threshold-based SP sensor readings and status values of the system sensors command output
About the discrete SP sensor status values of the system sensors command output
Commands for managing the SP from ONTAP
ONTAP commands for BMC management
BMC CLI commands
Manage the cluster time (cluster administrators only)
Manage the banner and MOTD
Overview
Create a banner
Manage the banner
Create an MOTD
Manage the MOTD
Manage jobs and schedules
Back up and restore cluster configurations (cluster administrators only)
What configuration backup files are
How the node and cluster configurations are backed up automatically
Commands for managing configuration backup schedules
Commands for managing configuration backup files
Find a configuration backup file to use for recovering a node
Restore the node configuration using a configuration backup file
Find a configuration to use for recovering a cluster
Restore a cluster configuration from an existing configuration
Synchronize a node with the cluster
Manage core dumps (cluster administrators only)
Disk and tier (aggregate) management
Overview
Manage local tiers (aggregates)
Overview
Add (create) a local tier (aggregate)
Overview
Workflow to add a local tier (aggregate)
Determine the number of disks or disk partitions required for a local tier (aggregate)
Decide which local tier (aggregate) creation method to use
Add (create) local tiers (aggregates) automatically
Add (create) local tiers (aggregates) manually
Manage the use of local tiers (aggregates)
Overview
Rename a local tier (aggregate)
Set media cost of a local tier (aggregate)
Manually Fast zero drives
Manually assign disk ownership
Determine drive and RAID group information for a local tier (aggregate)
Assign local tiers (aggregates) to storage VMs (SVMs)
Determine which volumes reside on a local tier (aggregate)
Determine and control a volume’s space usage in a local tier (aggregate)
Determine space usage in a local tier (aggregate)
Relocate local tier (aggregate) ownership within an HA pair
Delete a local tier (aggregate)
Commands for relocating local tiers (aggregates)
Commands for managing local tiers (aggregates)
Add capacity (disks) to a local tier (aggregate)
Overview
Workflow to add capacity to a local tier (expanding an aggregate)
Methods to create space in a local tier (aggregate)
Add disks to a local tier (aggregate)
Add drives to a node or shelf
Correct misaligned spare partitions
Manage disks
Overview
How hot spare disks work
How low spare warnings can help you manage your spare disks
Additional root-data partitioning management options
When you need to update the Disk Qualification Package
Disk and partition ownership
Overview
About auto-assignment of disk ownership
Display disk and partition ownership
Change auto-assignment settings for disk ownership
Manually assign ownership of unpartitioned disks
Manually assign ownership of partitioned disks
Set up an active-passive configuration on nodes using root-data partitioning
Set up an active-passive configuration on nodes using root-data-data partitioning
Remove ownership from a disk
Remove a failed disk
Disk sanitization
Overview
When sanitization cannot be performed
What happens if sanitization is interrupted
Tips for managing local tiers (aggregates) containing data to be sanitized
Sanitize a disk
Commands for managing disks
Commands for displaying space usage information
Commands for displaying information about storage shelves
Manage RAID configurations
Overview
Default RAID policies for local tiers (aggregates)
RAID protection levels for disks
Drive and RAID group information for a local tier (aggregate)
Convert from RAID-DP to RAID-TEC
Convert RAID-TEC to RAID-DP
Considerations for sizing RAID groups
Customize the size of your RAID groups
Manage Flash Pool local tiers (aggregates)
Overview
Flash Pool local tier (aggregate) caching policies
Manage Flash Pool caching policies
Overview
Determine whether to modify the caching policy of Flash Pool local tiers (aggregates)
Modify caching policies of Flash Pool local tiers (aggregates)
Set the cache-retention policy for Flash Pool local tiers (aggregates)
Flash Pool SSD partitioning for Flash Pool local tiers (aggregates) using storage pools
Flash Pool candidacy and optimal cache size
Create a Flash Pool local tier (aggregate) using physical SSDs
Create a Flash Pool local tier (aggregate) using SSD storage pools
Overview
Determine whether a Flash Pool local tier (aggregate) is using an SSD storage pool
Add cache by adding an SSD storage pool
Create a Flash Pool using SSD storage pool allocation units
Determine the impact to cache size of adding SSDs to an SSD storage pool
Add SSDs to an SSD storage pool
Commands for managing SSD storage pools
FabricPool tier management
Overview
Requirements for using ONTAP FabricPool
Tier data efficiently with ONTAP FabricPool policies
FabricPool management workflow
Configure FabricPool
Prepare for FabricPool configuration
Overview
Install a FabricPool license on an ONTAP cluster
Install a CA certificate on an ONTAP cluster for StorageGRID
Install a CA certificate on a cluster for ONTAP S3
Set up an object store as the cloud tier for FabricPool
Overview
Set up StorageGRID as the ONTAP FabricPool cloud tier
Set up ONTAP S3 as the ONTAP FabricPool cloud tier
Set up Alibaba Cloud Object Storage as the ONTAP FabricPool cloud tier
Set up Amazon S3 as the ONTAP FabricPool cloud tier
Set up Google Cloud Storage as the ONTAP FabricPool cloud tier
Set up IBM Cloud Object Storage as the ONTAP FabricPool cloud tier
Set up Azure Blob Storage as the ONTAP FabricPool cloud tier
Set up object stores for FabricPool in a MetroCluster configuration
Test the ONTAP cloud tier latency and throughput performance
Associate the ONTAP cloud tier with a local tier (aggregate)
Tier data to local bucket
Manage FabricPool
Analyze inactive ONTAP data with inactive data reporting
Manage volumes for FabricPool
Create a volume on a FabricPool-enabled ONTAP aggregate
Move a volume to a FabricPool-enabled ONTAP aggregate
Enable ONTAP volumes in FabricPool to write directly to the cloud
Enable ONTAP volumes in FabricPool to perform aggressive read-aheads
Manage ONTAP FabricPool volumes with user-created custom tags
Monitor space utilization of a FabricPool-enabled ONTAP aggregate
Modify an ONTAP volume's tiering policy and minimum cooling period
Archive volumes with FabricPool (video)
Modify an ONTAP volume's default FabricPool tiering policy
Throttle PUTs
Object deletion
Promote ONTAP data to the performance tier
Manage FabricPool mirrors
Overview
Create an ONTAP FabricPool mirror
Display ONTAP FabricPool mirror details
Promote an ONTAP FabricPool mirror
Remove an ONTAP FabricPool mirror
Replace an existing object store with an ONTAP FabricPool mirror
Replace a FabricPool mirror in an ONTAP MetroCluster configuration
Commands for managing FabricPool resources
SVM data mobility
Overview
Migrate an SVM
Monitor migration
Pause and resume migration
Cancel migration
Manually cut over clients
Manually remove source SVM
HA pair management
Overview
How hardware-assisted takeover works
How automatic takeover and giveback works
Automatic takeover commands
Automatic giveback commands
Manual takeover commands
Manual giveback commands
Testing takeover and giveback
Commands for monitoring an HA pair
Commands for enabling and disabling storage failover
Halt or reboot a node without initiating takeover
Rest API management with System Manager
Rest log overview
Access the REST API log
Volume administration
Volume and LUN management with System Manager
Overview
Manage volumes
Overview
Add a volume
Assign tags to a volume
Recover deleted volumes
Manage LUNs
Expand volumes and LUNs
Save storage space
Balance load by moving LUNs
Balance loads by moving volumes to another tier
Use Ansible Playbooks to add or edit volumes or LUNs
Manage storage efficiency policies
Manage resources using quotas
Limit resource use
Clone data with FlexClone
Search, filter, and sort
Capacity measurements
Logical storage management with the CLI
Overview
Create and manage volumes
Create a volume
Enable large volume and large file support
SAN volumes
Overview of SAN volume provisioning
Configure volume provisioning options
Determine space usage in a volume or aggregate
Enable automatic snapshot and LUN deletion to manage space
Configure volumes to automatically provide more space when they are full
Configure volumes to automatically grow and shrink their size
Requirements for enabling both autoshrink and automatic Snapshot copy deletion
Autoshrink functionality and snapshot copy deletion
Address FlexVol volume fullness and overallocation alerts
Address aggregate fullness and overallocation alerts
Considerations when setting fractional reserve
Determine file and inode usage for a volume
Control and monitor FlexVol volume I/O performance with Storage QoS
Delete a FlexVol volume
Protection against accidental volume deletion
Commands for managing FlexVol volumes
Commands for displaying space usage information
Move and copy volumes
Move a FlexVol volume overview
Considerations and recommendations when moving volumes
Requirements for moving volumes in a SAN environment
Move a volume
Commands for moving volumes
Methods for copying a volume
Use FlexClone volumes to create efficient copies of your FlexVol volumes
Overview
Create a FlexClone volume
Split a FlexClone volume from its parent volume
Determine the space used by a FlexClone volume
Considerations for creating a FlexClone volume from a SnapMirror source or destination volume
Use FlexClone files and FlexClone LUNs to create efficient copies of files and LUNs
Overview
Create a FlexClone file or FlexClone LUN
View node capacity for creating and deleting FlexClone files and FlexClone LUNs
View the space savings due to FlexClone files and FlexClone LUNs
Methods to delete FlexClone files and FlexClone LUNs
How a FlexVol volume can reclaim free space with autodelete setting
Overview
Configure a FlexVol volume to automatically delete FlexClone files and FlexClone LUNs
Prevent automatic deletion of a FlexClone file or FlexClone LUN
Commands for configuring deletion of FlexClone files
Use qtrees to partition your FlexVol volumes
Qtrees and FlexVol volume partitioning
Obtain a qtree junction path
Directory to qtree conversions
Convert a directory to a qtree
Convert a directory to a qtree using a Windows client
Convert a directory to a qtree using a UNIX client
Logical space reporting and enforcement for volumes
Overview
Logical space enforcement
Logical space reporting
Enable logical space reporting and enforcement
Manage SVM capacity
Use quotas to restrict or track resource usage
Overview of the quota process
Understand quotas, quota rules, and quota policies
Benefits of using quotas
Quota process
Differences among hard, soft, and threshold quotas
About quota notifications
Quota targets and types
Special kinds of quotas
How default quotas work
How you use explicit quotas
How derived quotas work
Use tracking quotas
How quotas are applied
Considerations for assigning quota policies
How quotas work with users and groups
Overview
Specify UNIX users for quotas
Specify Windows users for quotas
How default user and group quotas create derived quotas
How quotas are applied to the root user
How quotas work with special Windows groups
How quotas are applied to users with multiple IDs
How ONTAP determines user IDs in a mixed environment
How quotas work with multiple users
UNIX and Windows name linking for quotas
How tree quotas work
Overview
How user and group quotas work with qtrees
How default tree quotas on a FlexVol volume create derived tree quotas
How default user quotas on a FlexVol volume affect quotas for the qtrees in that volume
How qtree changes affect quotas
How quotas are activated
Overview
Understand when to use resizing
When a full quota reinitialization is required
How you can view quota information
Overview
See what quotas are in effect using the quota report
Why enforced quotas differ from configured quotas
Use the quota report to determine which quotas limit writes to a specific file
Commands for displaying information about quotas
When to use the volume quota policy rule show and volume quota report commands
Difference in space usage displayed by a quota report and a UNIX client
Overview
Disparity between ls command and quota report for space usage
How the df command accounts for file size
How the du command accounts for space usage
Examples of quota configuration
Set up quotas on an SVM
Modify (or Resizing) quota limits
Reinitialize quotas after making extensive changes
Commands to manage quota rules and quota policies
Commands to activate and modify quotas
Use deduplication, data compression, and data compaction to increase storage efficiency
Overview
Enable deduplication on a volume
Disable deduplication on a volume
Automatic volume-level background deduplication on AFF systems
Manage aggregate-level inline deduplication on AFF systems
Manage aggregate-level background deduplication on AFF systems
Temperature-sensitive storage efficiency overview
Storage efficiency behavior with volume move and SnapMirror
Set storage efficiency modes
Change volume inactive data compression threshold
Check volume efficiency mode
Change volume efficiency mode
View volume footprint savings with or without temperature-sensitive storage efficiency
Enable data compression on a volume
Move between secondary compression and adaptive compression
Disable data compression on a volume
Manage inline data compaction for AFF systems
Enable inline data compaction for FAS systems
Inline storage efficiency enabled by default on AFF systems
Enable storage efficiency visualization
Create a volume efficiency policy to run efficiency operations
Create a volume efficiency policy
Assign a volume efficiency policy to a volume
Modify a volume efficiency policy
View a volume efficiency policy
Disassociate a volume efficiency policy from a volume
Delete a volume efficiency policy
Manage volume efficiency operations manually
Overview
Run an efficiency operation manually
Checkpoints and efficiency operations
Resume a halted efficiency operation
Run an efficiency operation manually on existing data
Manage volume efficiency operations using schedules
Run an efficiency operation based on the amount of new data written
Run an efficiency operation using scheduling
Monitor volume efficiency operations
View efficiency operations and status
View efficiency space savings
View efficiency statistics of a FlexVol volume
Stop volume efficiency operations
Additional information about removing space savings from a volume
Rehost a volume from one SVM to another SVM
Prepare
Rehost an SMB volume
Rehost an NFS volume
Rehost a SAN volume
Rehost a volume in a SnapMirror relationship
Features that do not support volume rehost
Recommended volume and file or LUN configuration combinations
Overview
Determine the correct volume and LUN configuration combination for your environment
Configuration settings for space-reserved files or LUNs with thick-provisioned volumes
Settings for non-space-reserved files or LUNs with thin-provisioned volumes
Configuration settings for space-reserved files or LUNs with semi-thick volume provisioning
Cautions and considerations for changing file or directory capacity
The maximum number of files allowed for FlexVol volumes
Maximum directory size for FlexVol volumes
Restrictions on node root volumes and root aggregates
Relocate a root volume to new aggregates
Features supported by FlexClone files and FlexClone LUNs
Overview
Deduplication with FlexClone files and FlexClone LUNs
How Snapshot copies work with FlexClone files and FlexClone LUNs
Inheritance of access control lists by FlexClone files and FlexClone LUNs
How quotas work with FlexClone files and FlexClone LUNs
FlexClone volumes and associated FlexClone files and FlexClone LUNs
NDMP and FlexClone files and LUNs
How volume SnapMirror works with FlexClone files and FlexClone LUNs
How space reservation works with FlexClone files and FlexClone LUNs
How an HA configuration works with FlexClone files and FlexClone LUNs
Provision NAS storage for large file systems using FlexGroup volumes
FlexGroup volumes management with the CLI
Overview
What a FlexGroup volume is
Supported and unsupported configurations for FlexGroup volumes
FlexGroup volume setup
Workflow
Enable 64-bit NFSv3 identifiers on an SVM
Provision a FlexGroup volume automatically
Create a FlexGroup volume
Manage FlexGroup volumes
Monitor the space usage of a FlexGroup volume
Increase the size of a FlexGroup volume
Reduce the size of a FlexGroup volume
Configure FlexGroup volumes to automatically grow and shrink their size
Delete directories asynchronously on a cluster
Manage client rights to delete directories asynchronously
Create qtrees with FlexGroup volumes
Use quotas for FlexGroup volumes
Enable storage efficiency on a FlexGroup volume
Protect FlexGroup volumes using Snapshot copies
Move the constituents of a FlexGroup volume
Use aggregates in FabricPool for existing FlexGroup volumes
Balance FlexGroup volumes by redistributing file data
Rebalance FlexGroup volumes by moving files
Data protection for FlexGroup volumes
Workflow
Create a SnapMirror relationship for FlexGroup volumes
Create a SnapVault relationship for FlexGroup volumes
Create a unified data protection relationship for FlexGroup volumes
Create an SVM disaster recovery relationship for FlexGroup volumes
Transition an existing FlexGroup SnapMirror relationship to SVM DR
Convert a FlexVol volume to a FlexGroup volume within an SVM-DR relationship
Considerations for creating SnapMirror cascade and fanout relationships for FlexGroups
Considerations for creating a SnapVault backup relationship and a unified data protection relationship for FlexGroup volumes
Monitor SnapMirror data transfers for FlexGroup volumes
Manage data protection operations for FlexGroup volumes
Disaster recovery for FlexGroup volumes
Workflow
Activate the destination FlexGroup volume
Reactivate the original source FlexGroup volume after disaster
Reverse a SnapMirror relationship between FlexGroup volumes during disaster recovery
Expand FlexGroup volumes in a SnapMirror relationship
Overview
Expand the source FlexGroup volume of a SnapMirror relationship
Expand the destination FlexGroup volume of a SnapMirror relationship
Perform a SnapMirror single file restore from a FlexGroup volume
Restore a FlexGroup volume from a SnapVault backup
Disable SVM protection on a FlexGroup volume
Enable SVM protection on a FlexGroup volume
Convert FlexVol volumes to FlexGroup volumes
Overview
Convert a FlexVol volume to a FlexGroup volume
Convert a FlexVol volume SnapMirror relationship to a FlexGroup volume SnapMirror relationship
FlexCache volumes management
Overview
FlexCache volumes supported protocols and features
Guidelines for sizing a FlexCache volume
Create a FlexCache volume
FlexCache writeback
Overview
Guidelines
Architecture
Use cases
Prerequisites
Interoperability
Enable and manage write-back
FAQ
Manage FlexCache volumes
Considerations for auditing FlexCache volumes
Synchronize properties of a FlexCache volume from an origin volume
Update the configurations of a FlexCache relationship
Enable file access time updates
Enable global file locking
Prepopulate a FlexCache volume
Delete a FlexCache relationship
Network management
Get started
Storage network visualization with ONTAP System Manager
Networking components of an ONTAP cluster
Network cabling guidelines
Relationship between broadcast domains, failover groups, and failover policies
NAS path failover workflow (ONTAP 9.8 and later)
Overview (ONTAP 9.8 and later)
Workflow (ONTAP 9.8 and later)
Worksheet (ONTAP 9.8 and later)
NAS path failover workflow (ONTAP 9.7 and earlier)
Overview (ONTAP 9.7 and earlier)
Workflow (ONTAP 9.7 and earlier)
Worksheet (ONTAP 9.7 and earlier)
Network ports
Overview
Configure network ports
Combine physical ports to create interface groups
Configure VLANs over physical ports
Modify network port attributes
Convert 40GbE NIC ports into multiple 10GbE ports for 10GbE connectivity
Configure UTA X1143A-R6 ports for your ONTAP system
Covert the UTA2 port in ONTAP
Convert the CNA/UTA2 optical modules
Removing a NIC from the node (ONTAP 9.8 or later)
Removing a NIC from the node (ONTAP 9.7 or earlier)
Monitor network ports
Monitor the health of network ports
Monitor the reachability of network ports (ONTAP 9.8 and later)
ONTAP port usage on a storage system
ONTAP internal TCP and UDP ports
IPspaces
Overview
Create IPspaces
Display IPspaces
Delete an IPspace
Broadcast domains
Broadcast domain (ONTAP 9.8 and later)
Overview (ONTAP 9.8 and later)
Create broadcast domains (ONTAP 9.8 and later)
Add or remove ports (ONTAP 9.8 and later)
Repair port reachability (ONTAP 9.8 and later)
Move broadcast domains into IPspaces (ONTAP 9.8 and later)
Split broadcast domains (ONTAP 9.8 and later)
Merge broadcast domains (ONTAP 9.8 and later)
Change the MTU value for ports in a broadcast domain (ONTAP 9.8 and later)
Display broadcast domains (ONTAP 9.8 and later)
Delete a broadcast domain
Broadcast domain (ONTAP 9.7 and earlier)
Overview (ONTAP 9.7 and earlier)
Determine ports (ONTAP 9.7 and earlier)
Create broadcast domains (ONTAP 9.7 and earlier)
Add or remove ports from a broadcast domain (ONTAP 9.7 and earlier)
Split broadcast domains (ONTAP 9.7 and earlier)
Merge broadcast domains (ONTAP 9.7 and earlier)
Change the MTU value for ports in a broadcast domain (ONTAP 9.7 and earlier)
Display broadcast domains
Delete a broadcast domain
Failover groups and policies
Failover overview
Create a failover group
Configure failover settings on a LIF
Commands for managing failover groups and policies
Subnets (cluster administrators only)
Overview
Create a subnet
Add or remove IP addresses from a subnet
Change subnet properties
Display subnets
Delete a subnet
SVMs
Logical interfaces (LIFs)
LIF overview
Overview
LIF compatibility with port types
Manage supported traffic
LIFs and service policies (ONTAP 9.6 and later)
LIF roles (ONTAP 9.5 and earlier)
Manage LIFs
Configure LIF service policies
Create a LIF (network interface)
Modify a LIF
Migrate a LIF
Revert a LIF to its home port
Recover from an incorrectly configured cluster LIF (ONTAP 9.8 and later)
Delete a LIF
Virtual IP (VIP) LIFs
Balance network loads
Optimize network traffic (cluster administrators only)
DNS load balancing overview
Create a DNS load balancing zone
Add or remove a LIF from a load balancing zone
Configure DNS services (ONTAP 9.8 and later)
Configure DNS services (ONTAP 9.7 and earlier)
Configure dynamic DNS services
Host name resolution
Overview
Configure DNS for host-name resolution
Manage the hosts table (cluster administrators only)
Secure your network
Configure network security using federal information processing standards (FIPS)
Configure IPsec in-flight encryption
Prepare to use IPsec
Configure IPsec
Configure firewall policies for LIFs
Commands for managing firewall service and policies
QoS marking (cluster administrators only)
Overview
Modify QoS marking values
Display QoS marking values
Manage SNMP (cluster administrators only)
Overview
Create an SNMP community and assigning it to a LIF
Configure SNMPv3 users in a cluster
Configure traphosts to receive SNMP notifications
Test SNMP polling
Commands for managing SNMP
Manage routing in an SVM
Overview
Create a static route
Enable multipath routing
Delete a static route
Display routing information
Remove dynamic routes from routing tables
View network information
Overview
Display network port information (cluster administrators only)
Display information about a VLAN (cluster administrators only)
Display interface group information (cluster administrators only)
Display LIF information
Display routing information
Display DNS host table entries (cluster administrators only)
Display DNS domain configurations
Display information about failover groups
Display LIF failover targets
Display LIFs in a load balancing zone
Display cluster connections
Commands for diagnosing network problems
Display network connectivity with neighbor discovery protocols
Neighbor discovery protocol overview
Use CDP to detect network connectivity
Use LLDP to detect network connectivity
NAS storage management
Manage NAS protocols with System Manager
NAS storage overview
VMware datastores
Home directories
Linux servers
Export policies
Windows servers
Both Windows and Linux
Secure client access with Kerberos
Enable or disable secure NFS client access with TLS
Provide client access with name services
Manage directories and files
Manage host-specific users and groups
Monitor NFS active clients
Enable NAS storage
Enable Linux servers
Enable Windows servers
Enable Both Windows and Linux
Configure NFS with the CLI
Overview
Workflow
Preparation
Assess physical storage requirements
Assess networking requirements
Decide where to provision new NFS storage capacity
Worksheet for gathering NFS configuration information
Configure NFS access to an SVM
Create an SVM
Verify that the NFS protocol is enabled on the SVM
Open the export policy of the SVM root volume
Create an NFS server
Create a LIF
Enable DNS for host-name resolution
Configure name services
Overview
Configure the name service switch table
Configure local UNIX users and groups
Overview
Create a local UNIX user
Load local UNIX users from a URI
Create a local UNIX group
Add a user to a local UNIX group
Load local UNIX groups from a URI
Work with netgroups
Overview
Load netgroups into SVMs
Verify the status of netgroup definitions
Create an NIS domain configuration
Use LDAP
Overview
Create a new LDAP client schema
Create an LDAP client configuration
Associate the LDAP client configuration with SVMs
Verify LDAP sources in the name service switch table
Use Kerberos with NFS for strong security
Overview
Verify permissions for Kerberos configuration
Create an NFS Kerberos realm configuration
Configure NFS Kerberos permitted encryption types
Enable Kerberos on a data LIF
Use TLS with NFS for strong security
Overview
Enable or disable TLS for NFS clients
Add storage capacity to an NFS-enabled SVM
Overview
Create an export policy
Add a rule to an export policy
Create a volume or qtree storage container
Create a volume
Create a qtree
Secure NFS access using export policies
Overview
Manage the processing order of export rules
Assign an export policy to a volume
Assign an export policy to a qtree
Verify NFS client access from the cluster
Test NFS access from client systems
Where to find additional information
How ONTAP exports differ from 7-Mode exports
Overview
Comparison of exports in 7-Mode and ONTAP
Examples of ONTAP export policies
Manage NFS with the CLI
Overview
Understand NAS file access
Namespaces and junction points
Overview
What the typical NAS namespace architectures are
How ONTAP controls access to files
Overview
Authentication-based restrictions
File-based restrictions
How ONTAP handles NFS client authentication
Overview
How ONTAP uses name services
How ONTAP grants SMB file access from NFS clients
How the NFS credential cache works
Create and manage data volumes in NAS namespaces
Create data volumes with specified junction points
Creating data volumes without specifying junction points
Mounting or unmounting existing volumes in the NAS namespace
Displaying volume mount and junction point information
Configure security styles
How security styles affect data access
What the security styles and their effects are
Where and when to set security styles
Decide which security style to use on SVMs
How security style inheritance works
How ONTAP preserves UNIX permissions
Manage UNIX permissions using the Windows Security tab
Configure security styles on SVM root volumes
Configure security styles on FlexVol volumes
Configure security styles on qtrees
Set up file access using NFS
Overview
Secure NFS access using export policies
How export policies control client access to volumes or qtrees
Default export policy for SVMs
How export rules work
Manage clients with an unlisted security type
How security types determine client access levels
Manage superuser access requests
How ONTAP uses export policy caches
How the access cache works
How access cache parameters work
Removing an export policy from a qtree
Validating qtree IDs for qtree file operations
Export policy restrictions and nested junctions for FlexVol volumes
Using Kerberos with NFS for strong security
ONTAP support for Kerberos
Requirements for configuring Kerberos with NFS
Specifying the user ID domain for NFSv4
Using TLS with NFS for strong security
Overview
Enable or disable TLS for NFS clients
Configure name services
How ONTAP name service switch configuration works
Use LDAP
Overview
LDAP signing and sealing concepts
LDAPS concepts
Enable LDAP RFC2307bis support
Configuration options for LDAP directory searches
Improve performance of LDAP directory netgroup-by-host searches
Use LDAP fast bind for nsswitch authentication
Display LDAP statistics
Configure name mappings
Overview
How name mapping works
Multidomain searches for UNIX user to Windows user name mappings
Name mapping conversion rules
Create a name mapping
Configure the default user
Commands for managing name mappings
Enable access for Windows NFS clients
Enable the display of NFS exports on NFS clients
Manage file access using NFS
Enable or disable NFSv3
Enable or disable NFSv4.0
Enable or disable NFSv4.1
Manage NFSv4 storepool limits
Enable or disable pNFS
Controlling NFS access over TCP and UDP
Controlling NFS requests from nonreserved ports
Handling NFS access to NTFS volumes or qtrees for unknown UNIX users
Considerations for clients that mount NFS exports using a nonreserved port
Performing stricter access checking for netgroups by verifying domains
Modifying ports used for NFSv3 services
Commands for managing NFS servers
Troubleshooting name service issues
Verifying name service connections
Commands for managing name service switch entries
Commands for managing name service cache
Commands for managing name mappings
Commands for managing local UNIX users
Commands for managing local UNIX groups
Limits for local UNIX users, groups, and group members
Manage limits for local UNIX users and groups
Commands for managing local netgroups
Commands for managing NIS domain configurations
Commands for managing LDAP client configurations
Commands for managing LDAP configurations
Commands for managing LDAP client schema templates
Commands for managing NFS Kerberos interface configurations
Commands for managing NFS Kerberos realm configurations
Commands for managing export policies
Commands for managing export rules
Configure the NFS credential cache
Reasons for modifying the NFS credential cache time-to-live
Configure the time-to-live for cached NFS user credentials
Manage export policy caches
Flush export policy caches
Display the export policy netgroup queue and cache
Checking whether a client IP address is a member of a netgroup
Optimizing access cache performance
Manage file locks
About file locking between protocols
How ONTAP treats read-only bits
How ONTAP differs from Windows on handling locks on share path components
Display information about locks
Breaking locks
How FPolicy first-read and first-write filters work with NFS
Modifying the NFSv4.1 server implementation ID
Manage NFSv4 ACLs
Benefits of enabling NFSv4 ACLs
How NFSv4 ACLs work
Enable or disable modification of NFSv4 ACLs
How ONTAP uses NFSv4 ACLs to determine whether it can delete a file
Enable or disable NFSv4 ACLs
Modifying the maximum ACE limit for NFSv4 ACLs
Manage NFSv4 file delegations
Enable or disable NFSv4 read file delegations
Enable or disable NFSv4 write file delegations
Configure NFSv4 file and record locking
About NFSv4 file and record locking
Specifying the NFSv4 locking lease period
Specifying the NFSv4 locking grace period
How NFSv4 referrals work
Enable or disable NFSv4 referrals
Displaying NFS statistics
Displaying DNS statistics
Displaying NIS statistics
Support for VMware vStorage over NFS
Enable or disable VMware vStorage over NFS
Enable or disable rquota support
NFSv3 and NFSv4 performance improvement by modifying the TCP transfer size
Modifying the NFSv3 and NFSv4 TCP maximum transfer size
Configure the number of group IDs allowed for NFS users
Controlling root user access to NTFS security-style data
Supported NFS versions and clients
Overview
NFSv4.0 functionality supported by ONTAP
Limitations of ONTAP support for NFSv4
ONTAP support for NFSv4.1
ONTAP support for NFSv4.2
ONTAP support for parallel NFS
Use of hard mounts
NFS and SMB file and directory naming dependencies
Overview
Characters a file or directory name can use
Case-sensitivity of file and directory names in a multiprotocol environment
How ONTAP creates file and directory names
How ONTAP handles multi-byte file, directory, and qtree names
Configure character mapping for SMB file name translation on volumes
Commands for managing character mappings for SMB file name translation
Manage NFS trunking
Learn about ONTAP NFS trunking
Configure a new NFS server and exports for trunking
Create a trunking-enabled NFS server on an ONTAP SVM
Prepare your network for ONTAP NFS trunking
Create an ONTAP volume export policy
Mount ONTAP volumes or data shares for NFS trunking
Adapt existing NFS exports for trunking
Adapt single-path exports for ONTAP NFS trunking
Enable trunking on an ONTAP NFS server
Update your network for ONTAP NFS trunking
Modify ONTAP volume export policies
Remount ONTAP volumes or data shares for NFS trunking
Manage NFS over RDMA
Overview
Configure NICS and NFS
Configure LIFs
Modify the NFS settings
Configure SMB with the CLI
Overview
Workflow
Preparation
Assess physical storage requirements
Assess networking requirements
Decide where to provision new SMB storage capacity
Worksheet for gathering SMB configuration information
Configure SMB access to an SVM
Overview
Create an SVM
Verify that the SMB protocol is enabled on the SVM
Open the export policy of the SVM root volume
Create a LIF
Enable DNS for host-name resolution
Set up an SMB server in an Active Directory domain
Configure time services
Commands for managing symmetric authentication on NTP servers
Create an SMB server in an Active Directory domain
Create keytab files for SMB authentication
Set up an SMB server in a workgroup
Overview
Create an SMB server in a workgroup
Create local user accounts
Create local groups
Manage local group membership
Verify enabled SMB versions
Map the SMB server on the DNS server
Configure SMB client access to shared storage
Overview
Create a volume or qtree storage container
Create a volume
Create a qtree
Requirements and considerations for creating an SMB share
Create an SMB share
Verify SMB client access
Create SMB share access control lists
Configure NTFS file permissions in a share
Verify user access
Manage SMB with the CLI
Overview
SMB server support
Overview
Supported SMB versions and functionality
Unsupported Windows features
Configure NIS or LDAP name services on the SVM
How ONTAP name service switch configuration works
Manage SMB servers
Modify SMB servers
Use options to customize SMB servers
Available SMB server options
Configure SMB server options
Configure the grant UNIX group permission to SMB users
Configure access restrictions for anonymous users
Manage how file security is presented to SMB clients for UNIX security-style data
Overview
Enable or disable the presentation of NTFS ACLs for UNIX security-style data
How ONTAP preserves UNIX permissions
Manage UNIX permissions using the Windows Security tab
Manage SMB server security settings
How ONTAP handles SMB client authentication
Guidelines for SMB server security settings in an SVM disaster recovery configuration
Display information about CIFS server security settings
Enable or disable required password complexity for local SMB users
Modify the CIFS server Kerberos security settings
Set the CIFS server minimum authentication security level
Configure strong security for Kerberos-based communication by using AES encryption
Enable or disable AES encryption for Kerberos-based communication
Use SMB signing to enhance network security
Overview
How SMB signing policies affect communication with a CIFS server
Performance impact of SMB signing
Recommendations for configuring SMB signing
Guidelines for SMB signing when multiple data LIFS are configured
Enable or disable required SMB signing for incoming SMB traffic
Determining whether SMB sessions are signed
Monitor SMB signed session statistics
Configure required SMB encryption on SMB servers for data transfers over SMB
Overview
Performance impact of SMB encryption
Enable or disable required SMB encryption for incoming SMB traffic
Determine whether clients are connected using encrypted SMB sessions
Monitor SMB encryption statistics
Secure LDAP session communication
LDAP signing and sealing concepts
Enable LDAP signing and sealing on the CIFS server
Configure LDAP over TLS
Export a copy of the self-signed root CA certificate
Install the self-signed root CA certificate on the SVM
Enable LDAP over TLS on the CIFS server
Configure SMB Multichannel for performance and redundancy
Configure default Windows user to UNIX user mappings on the SMB server
Configure the default UNIX user
Configure the guest UNIX user
Map the administrators group to root
Display information about what types of users are connected over SMB sessions
Command options to limit excessive Windows client resource consumption
Improve client performance with traditional and lease oplocks
Overview
Write cache data-loss considerations when using oplocks
Enable or disable oplocks when creating SMB shares
Commands for enabling or disabling oplocks on volumes and qtrees
Enable or disable oplocks on existing SMB shares
Monitor oplock status
Apply Group Policy Objects to SMB servers
Overview
Supported GPOs
Requirements for using GPOs with your CIFS server
Enable or disable GPO support on a SMB server
How GPOs are updated on the SMB server
Overview
What to do if GPO updates are failing
Manually updating GPO settings on the CIFS server
Display information about GPO configurations
Display detailed information about restricted group GPOs
Display information about central access policies
Display information about central access policy rules
Commands for managing CIFS servers computer account passwords
Manage domain controller connections
Display information about discovered servers
Reset and rediscover servers
Manage domain controller discovery
Add preferred domain controllers
Commands for managing preferred domain controllers
Enable SMB2 connections to domain controllers
Enable encrypted connections to domain controllers
Use null sessions to access storage in non-Kerberos environments
Overview
How the storage system provides null session access
Grant null users access to file system shares
Manage NetBIOS aliases for SMB servers
Overview
Add a list of NetBIOS aliases to the CIFS server
Remove NetBIOS aliases from the NetBIOS alias list
Display the list of NetBIOS aliases on CIFS servers
Determine whether SMB clients are connected using NetBIOS aliases
Manage miscellaneous SMB server tasks
Stop or start the CIFS server
Move CIFS servers to different OUs
Modify the dynamic DNS domain on the SVM before moving the SMB server
Join anSVM to an Active Directory domain
Display information about NetBIOS over TCP connections
Commands for managing CIFS servers
Enable the NetBios name service
Use IPv6 for SMB access and SMB services
Requirements for using IPv6
Support for IPv6 with SMB access and CIFS services
How CIFS servers use IPv6 to connect to external servers
Enable IPv6 for SMB (cluster administrators only)
Disable IPv6 for SMB
Monitor and display information about IPv6 SMB sessions
Set up file access using SMB
Configure security styles
How security styles affect data access
What the security styles and their effects are
Where and when to set security styles
Decide which security style to use on SVMs
How security style inheritance works
How ONTAP preserves UNIX permissions
Manage UNIX permissions using the Windows Security tab
Configure security styles on SVM root volumes
Configure security styles on FlexVol volumes
Configure security styles on qtrees
Create and manage data volumes in NAS namespaces
Overview
Create data volumes with specified junction points
Create data volumes without specifying junction points
Mount or unmount existing volumes in the NAS namespace
Display volume mount and junction point information
Configure name mappings
Overview
How name mapping works
Multidomain searches for UNIX user to Windows user name mappings
Name mapping conversion rules
Create a name mapping
Configure the default user
Commands for managing name mappings
Configure multidomain name-mapping searches
Enable or disable multidomain name mapping searches
Reset and rediscover trusted domains
Display information about discovered trusted domains
Add, remove, or replace trusted domains in preferred trusted domain lists
Display information about the preferred trusted domain list
Create and configure SMB shares
Overview
What the default administrative shares are
SMB share naming requirements
Directory case-sensitivity requirements when creating shares in a multiprotocol environment
Use SMB share properties
Overview
Add or remove share properties on an existing SMB share
Optimize SMB user access with the force-group share setting
Create an SMB share with the force-group share setting
View information about SMB shares using the MMC
Commands for managing SMB shares
Secure file access by using SMB share ACLs
Guidelines for managing SMB share-level ACLs
Create SMB share access control lists
Commands for managing SMB share access control lists
Secure file access by using file permissions
Configure advanced NTFS file permissions using the Windows Security tab
Configure NTFS file permissions using the ONTAP CLI
How UNIX file permissions provide access control when accessing files over SMB
Secure file access by using Dynamic Access Control (DAC)
Overview
Supported Dynamic Access Control functionality
Considerations when using Dynamic Access Control and central access policies with CIFS servers
Enable or disable Dynamic Access Control
Manage ACLs that contain Dynamic Access Control ACEs when Dynamic Access Control is disabled
Configure central access policies to secure data on CIFS servers
Display information about Dynamic Access Control security
Revert considerations for Dynamic Access Control
Where to find additional information about configuring and using Dynamic Access Control and central access policies
Secure SMB access using export policies
How export policies are used with SMB access
How export rules work
Examples of export policy rules that restrict or allow access over SMB
Enable or disable export policies for SMB access
Secure file access by using Storage-Level Access Guard
Overview
Use cases for using Storage-Level Access Guard
Workflow to configure Storage-Level Access Guard
Configure Storage-Level Access Guard
Effective SLAG matrix
Display information about Storage-Level Access Guard
Remove Storage-Level Access Guard
Manage file access using SMB
Use local users and groups for authentication and authorization
How ONTAP uses local users and groups
Local users and groups concepts
Reasons for creating local users and local groups
How local user authentication works
How user access tokens are constructed
Guidelines for using SnapMirror on SVMs that contain local groups
What happens to local users and groups when deleting CIFS servers
How you can use Microsoft Management Console with local users and groups
Guidelines for reverting
What local privileges are
List of supported privileges
Assign privileges
Guidelines for using BUILTIN groups and the local administrator account
Requirements for local user passwords
Predefined BUILTIN groups and default privileges
Enable or disable local users and groups functionality
Overview
Enable or disable local users and groups
Enable or disable local user authentication
Manage local user accounts
Modify local user accounts
Enable or disable local user accounts
Change local user account passwords
Display information about local users
Display information about group memberships for local users
Delete local user accounts
Manage local groups
Modify local groups
Display information about local groups
Manage local group membership
Display information about members of local groups
Delete a local group
Update domain user and group names in local databases
Manage local privileges
Add privileges to local or domain users or groups
Remove privileges from local or domain users or groups
Reset privileges for local or domain users and groups
Display information about privilege overrides
Configure bypass traverse checking
Overview
Allow users or groups to bypass directory traverse checking
Disallow users or groups from bypassing directory traverse checking
Display information about file security and audit policies
Overview
Display information about file security on NTFS security-style volumes
Display information about file security on mixed security-style volumes
Display information about file security on UNIX security-style volumes
Display information about NTFS audit policies on FlexVol volumes using the CLI
Display information about NFSv4 audit policies on FlexVol volumes using the CLI
Ways to display information about file security and audit policies
Manage NTFS file security, NTFS audit policies, and Storage-Level Access Guard on SVMs using the CLI
Overview
Use cases for using the CLI to set file and folder security
Limits when using the CLI to set file and folder security
How security descriptors are used to apply file and folder security
Guidelines for applying file-directory policies that use local users or groups on the SVM disaster recovery destination
Configure and apply file security on NTFS files and folders using the CLI
Create an NTFS security descriptor
Add NTFS DACL access control entries to the NTFS security descriptor
Create security policies
Add a task to the security policy
Apply security policies
Monitor the security policy job
Verify the applied file security
Configure and apply audit policies to NTFS files and folders using the CLI
Overview
Create an NTFS security descriptor
Add NTFS SACL access control entries to the NTFS security descriptor
Create security policies
Add a task to the security policy
Apply security policies
Monitor the security policy job
Verify the applied audit policy
Considerations when managing security policy jobs
Commands for managing NTFS security descriptors
Commands for managing NTFS DACL access control entries
Commands for managing NTFS SACL access control entries
Commands for managing security policies
Commands for managing security policy tasks
Commands for managing security policy jobs
Configure the metadata cache for SMB shares
How SMB metadata caching works
Enable the SMB metadata cache
Configure the lifetime of SMB metadata cache entries
Manage file locks
About file locking between protocols
How ONTAP treats read-only bits
How ONTAP differs from Windows on handling locks on share path components
Display information about locks
Breaking locks
Monitor SMB activity
Display SMB session information
Display information about open SMB files
Determine which statistics objects and counters are available
Display statistics
Deploy SMB client-based services
Use offline files to allow caching of files for offline use
Overview
Requirements for using offline files
Guidelines for deploying offline files
Configure offline files support on SMB shares using the CLI
Configure offline files support on SMB shares by using the Computer Management MMC
Use roaming profiles to store user profiles centrally on a SMB server associated with the SVM
Overview
Requirements for using roaming profiles
Configure roaming profiles
Use folder redirection to store data on a SMB server
Overview
Requirements for using folder redirection
Configure folder redirection
Access the ~snapshot directory from Windows clients using SMB 2.x
Recover files and folders using Previous Versions
Overview
Requirements for using Microsoft Previous Versions
Use the Previous Versions tab to view and manage Snapshot copy data
Determine whether Snapshot copies are available for Previous Versions use
Create a Snapshot configuration to enable Previous Versions access
Guidelines for restoring directories that contain junctions
Deploy SMB server-based services
Manage home directories
How ONTAP enables dynamic home directories
Home directory shares
Add a home directory share
Home directory shares require unique user names
What happens to static home directory share names after upgrading
Add a home directory search path
Create a home directory configuration using the %w and %d variables
Configure home directories using the %u variable
Additional home directory configurations
Commands for managing search paths
Display information about an SMB user’s home directory path
Manage accessibility to users' home directories
Configure SMB client access to UNIX symbolic links
How ONTAP enables you to provide SMB client access to UNIX symbolic links
Limits when configuring UNIX symbolic links for SMB access
Control automatic DFS advertisements in ONTAP with a CIFS server option
Configure UNIX symbolic link support on SMB shares
Create symbolic link mappings for SMB shares
Commands for managing symbolic link mappings
Windows backup applications and Unix-style symlinks
Use BranchCache to cache SMB share content at a branch office
Overview
Requirements and guidelines
BranchCache version support
Network protocol support requirements
ONTAP and Windows hosts version requirements
Reasons ONTAP invalidates BranchCache hashes
Guidelines for choosing the hash store location
BranchCache recommendations
Configure BranchCache
Overview
Requirements for configuring BranchCache
Configure BranchCache on the SMB server
Where to find information about configuring BranchCache at the remote office
Configure BranchCache-enabled SMB shares
Overview
Create a BranchCache-enabled SMB share
Enable BranchCache on an existing SMB share
Manage and monitor the BranchCache configuration
Modify BranchCache configurations
Display information about BranchCache configurations
Change the BranchCache server key
Pre-computing BranchCache hashes on specified paths
Flush hashes from the SVM BranchCache hash store
Display BranchCache statistics
Support for BranchCache Group Policy Objects
Display information about BranchCache Group Policy Objects
Disable BranchCache on SMB shares
Overview
Disable BranchCache on a single SMB share
Stop automatic caching on all SMB shares
Disable or enable BranchCache on the SVM
What happens when you disable or reenable BranchCache on the CIFS server
Disable or enable BranchCache
Delete the BranchCache configuration on SVMs
What happens when you delete the BranchCache configuration
Delete the BranchCache configuration
What happens to BranchCache when reverting
Improve Microsoft remote copy performance
Overview
How ODX works
Requirements for using ODX
Guidelines for using ODX
Use cases for ODX
Enable or disable ODX
Improve client response time by providing SMB automatic node referrals with Auto Location
Overview
Requirements and guidelines for using automatic node referrals
Support for SMB automatic node referrals
Enable or disable SMB automatic node referrals
Use statistics to monitor automatic node referral activity
Monitor client-side SMB automatic node referral information using a Windows client
Provide folder security on shares with access-based enumeration
Overview
Enable or disable access-based enumeration on SMB shares
Enable or disable access-based enumeration from a Windows client
NFS and SMB file and directory naming dependencies
Overview
Characters a file or directory name can use
Case-sensitivity of file and directory names in a multiprotocol environment
How ONTAP creates file and directory names
How ONTAP handles multi-byte file, directory, and qtree names
Configure character mapping for SMB file name translation on volumes
Commands for managing character mappings for SMB file name translation
Provide S3 client access to NAS data
Overview
NAS data requirements
Enable S3 multi-protocol access
Create S3 NAS bucket
Enable S3 client users
SMB configuration for Microsoft Hyper-V and SQL Server
Overview
Configure ONTAP for Microsoft Hyper-V and SQL Server over SMB solutions
Nondisruptive operations for Hyper-V and SQL Server over SMB
What are nondisruptive operations?
Protocols that enable nondisruptive operations over SMB
Key concepts about nondisruptive operations for Hyper-V and SQL Server over SMB
How SMB 3.0 functionality supports nondisruptive operations over SMB shares
What the Witness protocol does to enhance transparent failover
How the Witness protocol works
Share-based backups with Remote VSS
Overview
Remote VSS concepts
Example of a directory structure used by Remote VSS
How SnapManager for Hyper-V manages Remote VSS-based backups for Hyper-V over SMB
How ODX copy offload is used with Hyper-V and SQL Server over SMB shares
Configuration requirements and considerations
ONTAP and licensing requirements
Network and data LIF requirements
SMB server and volume requirements for Hyper-V over SMB
SMB server and volume requirements for SQL Server over SMB
Continuously available share requirements and considerations for Hyper-V over SMB
Continuously available share requirements and considerations for SQL Server over SMB
Remote VSS considerations for Hyper-V over SMB configurations
ODX copy offload requirements for SQL Server and Hyper-V over SMB
Recommendations for SQL Server and Hyper-V over SMB configurations
Plan the Hyper-V or SQL Server over SMB configuration
Complete the volume configuration worksheet
Complete the SMB share configuration worksheet
Create ONTAP configurations for nondisruptive operations with Hyper-V and SQL Server over SMB
Overview
Verify that both Kerberos and NTLMv2 authentication are permitted (Hyper-V over SMB shares)
Verify that domain accounts map to the default UNIX user
Verify that the security style of the SVM root volume is set to NTFS
Verify that required CIFS server options are configured
Configure SMB Multichannel for performance and redundancy
Create NTFS data volumes
Create continuously available SMB shares
Add the SeSecurityPrivilege privilege to the user account (for SQL Server of SMB shares)
Configure the VSS shadow copy directory depth (for Hyper-V over SMB shares)
Manage Hyper-V and SQL Server over SMB configurations
Configure existing shares for continuous availability
Enable or disable VSS shadow copies for Hyper-V over SMB backups
Use statistics to monitor Hyper-V and SQL Server over SMB activity
Determine which statistics objects and counters are available
Display SMB statistics
Verify that the configuration is capable of nondisruptive operations
Use health monitoring to determine whether nondisruptive operation status is healthy
Display nondisruptive operation status by using system health monitoring
Verify the continuously available SMB share configuration
Verify LIF status
Determine whether SMB sessions are continuously available
Display SMB session information
Display information about open SMB files
SAN storage management
SAN concepts
SAN provisioning with iSCSI
iSCSI service management
Overview
How iSCSI authentication works
iSCSI initiator security management
iSCSI endpoint isolation
What CHAP authentication is
How using iSCSI interface access lists to limit initiator interfaces can increase performance and security
iSNS server registration requirement
SAN provisioning with FC
SAN provisioning with NVMe
SAN volumes
Overview
Configure volume provisioning options
SAN volume configuration options
Requirement for moving volumes in SAN environments
Considerations for setting fractional reserve
SAN host-side space management
igroups
Specify initiator WWPNs and iSCSI node names for an igroup
Storage virtualization with VMware and Microsoft copy offload
Overview
How LUN access works in a virtualized environment
Considerations for LIFs in cluster SAN environments
Improve VMware VAAI performance for ESX hosts
Microsoft Offloaded Data Transfer (ODX)
SAN administration
SAN provisioning
Overview
Configure switches for FCoE
System requirements
What to know before you create a LUN
Verify or add the FC or iSCSI license
Provision SAN storage
NVMe provisioning
Overview
License requirements
NVMe support and limitations
Configure an SVM for NVMe
Provision NVMe storage
Map an NVMe namespace to a subsystem
Manage LUNs
Edit LUN QoS Policy
Convert a LUN into a namespace
Take a LUN offline
Resize a LUN
Move a LUN
Delete a LUN
What to know before copying LUNs
Examine configured and used space of a LUN
Control and monitor I/O performance to LUNs using Storage QoS
Tools available to effectively monitor your LUNs
Capabilities and restrictions of transitioned LUNs
I/O misalignments on properly aligned LUNs
Ways to address issues when LUNs go offline
Troubleshoot iSCSI LUNs not visible on the host
Manage igroups and portsets
Ways to limit LUN access with portsets and igroups
Manage igroups and initiators
Create nested igroup
Map igroup to multiple LUNs
Create a portset and bind to an igroup
Manage portsets
Selective LUN Map
Manage iSCSI protocol
Configure your network for best performance
Configure an SVM for iSCSI
Define a security policy method for an initiator
Delete an iSCSI service for an SVM
Get more details in iSCSI session error recoveries
Register the SVM with an iSNS server
Resolve iSCSI error messages on the storage system
iSCSI LIF failover for ASA platforms
Manage FC protocol
Configure an SVM for FC
Delete an FC service for an SVM
Recommended MTU configurations for FCoE jumbo frames
Manage NVMe protocol
Start the NVMe/FC service for an SVM
Delete NVMe/FC service from an SVM
Resize a NVMe namespace
Convert a namespace into a LUN
Set up in-band authentication over NVMe
Disable in-band authentication over NVMe
Set up TLS secure channel for NVMe/TCP
Disable TLS secure channel for NVMe/TCP
Change NVMe host priority
Manage automated host discovery for NVMe/TCP
Disable NVMe VMID
Manage systems with FC adapters
Overview
Commands for managing FC adapters
Configure FC adapters
View adapter settings
Change the UTA2 port from CNA mode to FC mode
Change the CNA/UTA2 target adapter optical modules
Supported port configurations for X1143A-R6 adapters
Configure X1143A-R6 adapter ports
Prevent loss of connectivity when using the X1133A-R6 adapter
Manage LIFs for all SAN protocols
Overview
Configure an NVMe LIF
What to know before moving a SAN LIF
Remove a SAN LIF from a port set
Move a SAN LIF
Delete a LIF in a SAN environment
SAN LIF requirements for adding nodes to a cluster
Configure iSCSI LIFs to return FQDN to host iSCSI SendTargets Discovery Operation
Enable space allocation for SAN protocols
Recommended volume and file or LUN configuration combinations
Overview
Determine the correct volume and LUN configuration combination for your environment
Calculate rate of data growth for LUNs
Configuration settings for space-reserved files or LUNs with thick-provisioned volumes
Configuration settings for non-space-reserved files or LUNs with thin-provisioned volumes
Configuration settings for space-reserved files or LUNs with semi-thick volume provisioning
SAN data protection
Overview
Effect of moving or copying a LUN on Snapshot copies
Overview
Restore a single LUN from a Snapshot copy
Restore all LUNs in a volume from a Snapshot copy
Delete one or more existing Snapshot copies from a volume
Use FlexClone LUNs to protect your data
Overview
Reasons for using FlexClone LUNs
How a FlexVol volume can reclaim free space with autodelete setting
Configure a FlexVol volume to automatically delete FlexClone files and FlexClone LUNs
Clone LUNs from an active volume
Create FlexClone LUNs from a Snapshot copy in a volume
Prevent automatic deletion of a FlexClone file or FlexClone LUN
Configure and use SnapVault backups in a SAN environment
Overview
Access a read-only LUN copy from a SnapVault backup
Restore a single LUN from a SnapVault backup
Restore all LUNs in a volume from a SnapVault backup
How you can connect a host backup system to the primary storage system
Back up a LUN through a host backup system
SAN configuration reference
Overview
iSCSI configurations
Ways to configure iSCSI SAN hosts
Benefits of using VLANs in iSCSI configurations
FC configurations
Ways to configure FC & FC-NVMe SAN hosts
FC switch configuration best practices
Supported number of FC hop counts
FC Target port configuration recommendations
Manage systems with FC adapters
Overview
Commands for managing FC adapters
Configure FC adapters for initiator mode
Configure FC adapters for target mode
Display information about an FC target adapter
Change the FC adapter speed
Supported FC ports
Prevent loss of connectivity when using the X1133A-R6 adapter
FCoE configurations
Overview
FCoE initiator and target combinations
FCoE supported hop count
Fibre Channel and FCoE zoning
Overview
World Wide Name-based zoning
Individual zones
Single-fabric zoning
Dual-fabric HA pair zoning
Zoning restrictions for Cisco FC and FCoE switches
Shared SAN configurations
SAN configurations in a MetroCluster environment
Overview
Prevent port overlap between switchover and switchback
Host support for multipathing
Overview
When host multipathing software is required
Recommended number of paths from host to nodes in cluster
Configuration limits
Determine the number of supported nodes for SAN configurations
Determine the number of supported hosts per cluster in FC and FC-NVMe configurations
Determine the supported number of hosts in iSCSI configurations
FC switch configuration limits
Calculate queue depth
Set queue depths
S3 object storage management
Learn about S3 support in ONTAP 9
Overview
Architecture
Use cases
Plan
ONTAP version support for S3 object storage
ONTAP S3 supported actions
ONTAP S3 interoperability
ONTAP S3 validated third-party solutions
Configure
About the S3 configuration process
Workflow
Assess physical storage requirements
Assess networking requirements
Decide where to provision new S3 storage capacity
Configure S3 access to an SVM
Create an SVM for S3
Create and install a CA certificate on the SVM
Create an S3 service data policy
Create data LIFs
Create intercluster LIFs for remote FabricPool tiering
Create the S3 object store server
Add storage capacity to an S3-enabled SVM
Create a bucket
Manage bucket size
Create a bucket on a mirrored or unmirrored aggregate in a MetroCluster configuration
Create a bucket lifecycle rule
Create an S3 user
Create or modify S3 groups
Regenerate keys and modify their retention period
Create or modify access policy statements
About bucket and object store server policies
Modify a bucket policy
Create or modify an object store server policy
Configure S3 access for external directory services
Enable LDAP or domain users to generate S3 access keys
Enable client access to S3 object storage
Enable ONTAP S3 access for remote FabricPool tiering
Enable ONTAP S3 access for local FabricPool tiering
Enable client access from an S3 app
Storage service definitions
CORS integration with ONTAP
Protect buckets with SnapMirror S3
Overview
Mirror and backup protection on a remote cluster
Create mirror for new bucket
Create mirror for existing bucket
Takeover from destination
Restore from destination
Mirror and backup protection on the local cluster
Create mirror for new bucket
Create mirror for existing bucket
Takeover from destination
Restore from destination
Backup protection with cloud targets
Requirements for cloud targets
Create backup for new bucket
Create backup for existing bucket
Restore from cloud target
Modify mirror policy
Protect S3 data with snapshots
Learn about S3 snapshots
Create S3 snapshots
View and restore S3 snapshots
Delete S3 snapshots
Audit S3 events
Overview
Plan a configuration
Create and enable the configuration
Select buckets for auditing
Modify the configuration
Show configurations
Authentication and access control
Authentication and access control
Manage administrator authentication and RBAC
Overview
Workflow
Configuration worksheets
Create login accounts
Overview
Enable local account access
Overview
Enable password account access
Enable SSH public key accounts
Enable multifactor authentication (MFA) accounts
Overview
Enable MFA with SSH and TOTP
Configure local user account for MFA with TOTP
Reset TOTP configuration
Disable TOTP secret key
Enable SSL certificate accounts
Enable Active Directory account access
Enable LDAP or NIS account access
Manage access-control roles
Overview
Modify the role assigned to an administrator
Define custom roles
Predefined roles for cluster administrators
Predefined roles for SVM administrators
Control administrator access with System Manager
Manage administrator accounts
Overview
Associate a public key with an administrator account
Manage SSH public keys and X.509 certificates for an administrator account
Configure Cisco Duo 2FA for SSH logins
Generate and install a CA-signed server certificate
Manage certificates with System Manager
Configure Active Directory domain controller access
Configure LDAP or NIS server access
Change an administrator password
Lock and unlock an administrator account
Manage failed login attempts
Enforce SHA-2 on administrator account passwords
Diagnose and correct file access issues with System Manager
Manage multi-admin verification
Overview
Manage administrator groups
Enable and disable multi-admin verification
Manage protected operation rules
Request execution of protected operations
Manage protected operation requests
Manage dynamic authorization
Overview
Enable or disable dynamic authorization
Customize dynamic authorization
Authentication and authorization using OAuth 2.0
Overview
Concepts
Authorization servers and tokens
Client authorization
Overview and options
Self-contained scopes
Working with groups
External role mapping
How ONTAP determines access
Deployment scenarios
Client authentication using mTLS
Configure and deploy
Prepare to deploy OAuth 2.0
Deploy OAuth 2.0 in ONTAP
Issue a REST API call
Authentication and authorization using SAML
Authentication and authorization using WebAuthn MFA
WebAuthn MFA overview
Enable WebAuthn MFA
Disable WebAuthn MFA
View WebAuthn MFA settings and manage credentials
Manage web services
Overview
Manage access to web services
Manage the web protocol engine
Commands for managing the web protocol engine
Configure access to web services
Commands for managing web services
Commands for managing mount points on the nodes
Manage SSL
Troubleshoot web service access problems
Verify the identity of remote servers using certificates
Overview
Verify digital certificates are valid using OCSP
View default certificates for TLS-based applications
Mutually authenticate the cluster and a KMIP server
Overview
Generate a certificate signing request for the cluster
Install a CA-signed server certificate for the cluster
Install a CA-signed client certificate for the KMIP server
Attribute-based access control
Overview
Approaches to ABAC with ONTAP
Security and data encryption
About NetApp ransomware protection
Ransomware and NetApp's protection portfolio
SnapLock and tamperproof snapshot copies
FPolicy file blocking
CI Storage Workload Security (CISWS)
Autonomous Ransomware Protection (ARP)
Cyber vaulting
Active IQ ransomware protection
BlueXP ransomware protection
Autonomous Ransomware Protection
Overview
Use cases and considerations
Enable Autonomous Ransomware Protection
Enable Autonomous Ransomware Protection by default
Enable ARP/AI with automatic updates
Update ARP/AI
Switch from learning mode to active mode
Pause protection
Manage attack detection parameters
Respond to abnormal activity
Recover data after an attack
Modify automatic snapshot options
Virus protection with Vscan
Overview
About NetApp antivirus protection
Understanding NetApp virus scanning
Virus scanning workflow
Antivirus architecture
Vscan partner solutions
Vscan server installation and configuration
Overview
Install ONTAP Antivirus Connector
Configure ONTAP Antivirus Connector
Configure scanner pools
Overview
Create a scanner pool on a single cluster
Create scanner pools in MetroCluster configurations
Apply a scanner policy on a single cluster
Apply scanner policies in MetroCluster configurations
Commands for managing scanner pools
Configure on-access scanning
Create an on-access policy
Enable an on-access policy
Modify the Vscan file-operations profile for an SMB share
Commands for managing on-access policies
Configure on-demand scanning
Overview
Create an on-demand task
Schedule an on-demand task
Run an on-demand task immediately
Commands for managing on-demand tasks
Best practices for configuring off-box antivirus functionality
Enable virus scanning on an SVM
Reset the status of scanned files
View Vscan event log information
Monitor and troubleshoot connectivity issues
Potential connectivity issues involving the scan-mandatory option
Commands for viewing Vscan server connection status
Troubleshoot common virus scanning issues
Monitor status and performance activities
ONTAP hardening guidelines
ONTAP security hardening overview
ONTAP image validation
Local storage administrator accounts
Roles, applications, and authentication
Default administrative accounts
Multi administrator verification
Snapshot copy locking
Set up certificate-based API access
ONTAP OAuth 2.0 Token Based Authentication for REST API
Login and password parameters
System administration methods
ONTAP autonomous ransomware protection
Storage administrative system auditing
Storage encryption
Data replication encryption
IPsec data-in-flight encryption
FIPS mode and TLS and SSL management
Create a CA-signed digital certificate
Online certificate status protocol
SSHv2 management
NetApp AutoSupport
Network Time Protocol
NAS file system local accounts (CIFS workgroup)
NAS file system auditing
Configure CIFS SMB signing and sealing
NFS securing
Enable Lightweight Directory Access Protocol signing and sealing
Create and use a NetApp FPolicy
LIF security
Protocol and port security
Audit NAS events on SVMs
Overview
How auditing works
Basic auditing concepts
How the ONTAP auditing process works
Auditing requirements and considerations
Limitations for the size of audit records on staging files
What the supported audit event log formats are
View audit event logs
SMB events that can be audited
Overview
Determine what the complete path to the audited object is
Considerations when auditing symlinks and hard links
Considerations when auditing alternate NTFS data streams
NFS file and directory access events that can be audited
Plan the auditing configuration
Create a file and directory auditing configuration on SVMs
Create the auditing configuration
Enable auditing on the SVM
Verify the auditing configuration
Configure file and folder audit policies
Overview
Configure audit policies on NTFS security-style files and directories
Configure auditing for UNIX security style files and directories
Display information about audit policies applied to files and directories
Display information about audit policies using the Windows Security tab
Display information about NTFS audit policies on FlexVol volumes using the CLI
Ways to display information about file security and audit policies
CLI change events that can be audited
Overview
Manage file-share event
Manage audit-policy-change event
Manage user-account event
Manage security-group event
Manage authorization-policy-change event
Manage auditing configurations
Manually rotate the audit event logs
Enable and disable auditing on SVMs
Display information about auditing configurations
Commands for modifying auditing configurations
Delete an auditing configuration
Understand cluster revert implications
Troubleshoot auditing and staging volume space issues
Use FPolicy for file monitoring and management on SVMs
Understand FPolicy
What the two parts of the FPolicy solution are
What synchronous and asynchronous notifications are
FPolicy persistent stores
FPolicy configuration types
Roles that cluster components play with FPolicy implementation
How FPolicy works with external FPolicy servers
What the node-to-external FPolicy server communication process is
How FPolicy services work across SVM namespaces
How FPolicy passthrough-read enhances usability for hierarchical storage management
Plan the FPolicy configuration
Requirements, considerations, and best practices for configuring FPolicy
What the steps for setting up an FPolicy configuration are
Plan the FPolicy external engine configuration
Overview
Additional information about configuring FPolicy external engines to use SSL authenticated connections
Certificates do not replicate in SVM disaster recovery relationships with a non-ID-preserve configuration
Restrictions for cluster-scoped FPolicy external engines with MetroCluster and SVM disaster recovery configurations
Complete the FPolicy external engine configuration worksheet
Plan the FPolicy event configuration
Overview
Supported file operation and filter combinations that FPolicy can monitor for SMB
Supported file operation and filter combinations that FPolicy can monitor for NFSv3
Supported file operation and filter combinations that FPolicy can monitor for NFSv4
Complete the FPolicy event configuration worksheet
Plan the FPolicy policy configuration
Overview
Requirement for FPolicy scope configurations if the FPolicy policy uses the native engine
Complete the FPolicy policy worksheet
Plan the FPolicy scope configuration
Overview
Complete the FPolicy scope worksheet
Create the FPolicy configuration
Create the FPolicy external engine
Create the FPolicy event
Create persistent stores
Create the FPolicy policy
Create the FPolicy scope
Enable the FPolicy policy
Manage FPolicy configurations
Modify FPolicy configurations
Commands for modifying FPolicy configurations
Enable or disabling FPolicy policies
Display information about FPolicy configurations
How the show commands work
Commands for displaying information about FPolicy configurations
Display information about FPolicy policy status
Display information about enabled FPolicy policies
Manage FPolicy server connections
Connect to external FPolicy servers
Disconnect from external FPolicy servers
Display information about connections to external FPolicy servers
Display information about the FPolicy passthrough-read connection status
Verify access using security tracing
How security traces work
Types of access checks security traces monitor
Considerations when creating security traces
Perform security traces
Overview
Create security trace filters
Display information about security trace filters
Display security trace results
Modify security trace filters
Delete security trace filters
Delete security trace records
Delete all security trace records
Interpret security trace results
Where to find additional information
Manage encryption with System Manager
Encrypt stored data (software)
Encrypt stored data (hardware)
Manage encryption with the CLI
Overview
Configure NetApp Volume Encryption
Overview
NetApp Volume Encryption workflow
Configure NVE
Determine whether your cluster version supports NVE
Install the license
Configure external key management
Overview
Manage external keys with System Manager
Install SSL certificates on the cluster
Enable external key management in ONTAP 9.6 and later (NVE)
Enable external key management in ONTAP 9.5 and earlier
Manage keys with a cloud provider
Enable onboard key management in ONTAP 9.6 and later (NVE)
Enable onboard key management in ONTAP 9.5 and earlier (NVE)
Enable onboard key management in newly added nodes
Migrate data encryption keys between key managers
Encrypt volume data with NVE
Overview
Enable aggregate-level encryption with VE license
Enable encryption on a new volume
Enable encryption on an existing volume with the volume encryption conversion start command
Enable encryption on an existing volume with the volume move start command
Enable encryption on the SVM root volume
Enable node root volume encryption
Configure NetApp hardware-based encryption
Overview
Configure external key management
Overview
Collect network information in ONTAP 9.2 and earlier
Install SSL certificates on the cluster
Enable external key management in ONTAP 9.6 and later (HW-based)
Enable external key management in ONTAP 9.5 and earlier (HW-based)
Configure clustered external key server
Create authentication keys in ONTAP 9.6 and later
Create authentication keys in ONTAP 9.5 and earlier
Assign a data authentication key to a FIPS drive or SED (external key management)
Configure onboard key management
Enable onboard key management in ONTAP 9.6 and later
Enable onboard key management in ONTAP 9.5 and earlier
Assign a data authentication key to a FIPS drive or SED (onboard key management)
Assign a FIPS 140-2 authentication key to a FIPS drive
Enable cluster-wide FIPS-compliant mode for KMIP server connections
Manage NetApp encryption
Unencrypt volume data
Move an encrypted volume
Delegate authority to run the volume move command
Change the encryption key for a volume with the volume encryption rekey start command
Change the encryption key for a volume with the volume move start command
Rotate authentication keys for NetApp Storage Encryption
Delete an encrypted volume
Securely purge data on an encrypted volume
Overview
Securely purge data on an encrypted volume without a SnapMirror relationship
Securely purge data on an encrypted volume with an Asynchronous SnapMirror relationship
Scrub data on an encrypted volume with a Synchronous SnapMirror relationship
Change the onboard key management passphrase
Back up onboard key management information manually
Restore onboard key management encryption keys
Restore external key management encryption keys
Replace SSL certificates
Replace a FIPS drive or SED
Make data on a FIPS drive or SED inaccessible
Overview
Sanitize a FIPS drive or SED
Destroy a FIPS drive or SED
Emergency shredding of data on an FIPS drive or SED
Return a FIPS drive or SED to service when authentication keys are lost
Return a FIPS drive or SED to unprotected mode
Remove an external key manager connection
Modify external key management server properties
Transition to external key management from onboard key management
Transition to onboard key management from external key management
What happens when key management servers are not reachable during the boot process
Disable encryption by default
Enable Zero Trust model
Zero Trust overview
Architect Zero Trust approach
Automation for Zero Trust at scale
Zero Trust hybrid cloud deployments
Data protection and disaster recovery
Cluster and SVM peering
Overview
Prepare for cluster and SVM peering
Peer basics
Prerequisites for cluster peering
Use shared or dedicated ports
Use custom IPspaces to isolate replication traffic
Configure intercluster LIFs
Configure intercluster LIFs on shared data ports
Configure intercluster LIFs on dedicated ports
Configure intercluster LIFs in custom IPspaces
Configure peer relationships
Create a cluster peer relationship
Create an intercluster SVM peer relationship
Add an intercluster SVM peer relationship
Enable cluster peering encryption on an existing peer relationship
Remove cluster peering encryption from an existing peer relationship
Manage local snapshots
Overview
Configure custom snapshot policies
Overview
When to configure a custom snapshot policy
Create a snapshot job schedule
Create a snapshot policy
Manage Snapshot copies manually
Create and delete snapshots manually
Calculate reclaimable space
Manage the Snapshot copy reserve
Overview
When to increase the Snapshot copy reserve
How deleting protected files can lead to less file space than expected
Monitor Snapshot copy disk consumption
Check available Snapshot copy reserve on a volume
Modify the Snapshot copy reserve
Autodelete Snapshot copies
Restore files from Snapshot copies
Restore a file from a Snapshot copy on an NFS or SMB client
Enable and disable NFS and SMB client access to Snapshot copy directory
Restore a single file from a Snapshot copy
Restore part of a file from a Snapshot copy
Restore the contents of a volume from a Snapshot copy
SnapMirror volume replication
SnapMirror asynchronous disaster recovery basics
SnapMirror synchronous disaster recovery basics
Default protection policies
About workloads supported by StrictSync and Sync policies
Vault archiving using SnapMirror technology
SnapMirror unified replication basics
XDP replaces DP as the SnapMirror default
When a destination volume grows automatically
Fan-out and cascade data protection deployments
SnapMirror licensing
Overview
Install a SnapMirror cloud license
DPO systems feature enhancements
Manage SnapMirror volume replication
SnapMirror replication workflow
Configure a replication relationship in one step
Configure a replication relationship one step at a time
Create a destination volume
Create a replication job schedule
Customize a replication policy
Create a custom replication policy
Define a rule for a policy
Define a schedule for creating a local copy on the destination
Create a replication relationship
Initialize a replication relationship
Example: Configure a vault-vault cascade
Convert an existing DP-type relationship to XDP
Convert the type of a SnapMirror relationship
Convert the mode of a SnapMirror synchronous relationship
Create and delete SnapMirror failover test volumes
Serve data from a SnapMirror DR destination volume
Make the destination volume writeable
Configure the destination volume for data access
Reactivate the original source volume
Restore files from a SnapMirror destination volume
Restore a single file, LUN, or NVMe namespace from a SnapMirror destination
Restore the contents of a volume from a SnapMirror destination
Update a replication relationship manually
Resynchronize a replication relationship
Delete a volume replication relationship
Manage storage efficiency
Use SnapMirror global throttling
Manage SnapMirror SVM replication
About SnapMirror SVM replication
Replicate SVM configurations
SnapMirror SVM replication workflow
Criteria for placing volumes on destination SVMs
Replicate an entire SVM configuration
Exclude LIFs and related network settings from SVM replication
Exclude network, name service, and other settings from SVM replication
Specify aggregates to use for SVM DR relationships
SMB only: Create a SMB server
Exclude volumes from SVM replication
Serve data from an SVM DR destination
SVM disaster recovery workflow
Make SVM destination volumes writeable
Reactivate the source SVM
Source SVM reactivation workflow
Reactivate the original source SVM
Reactivate the original source SVM (FlexGroup volumes only)
Resynchronize a destination storage VM
Convert volume replication relationships to an SVM replication relationship
Delete an SVM replication relationship
Manage SnapMirror root volume replication
Overview
Create and initializing load-sharing mirror relationships
Update a load-sharing mirror relationship
Promote a load-sharing mirror
Back up to the cloud
Back up data to the cloud using SnapMirror
Back up data using Cloud Backup
SnapMirror technical details
Use path name pattern matching
Use extended queries to act on many SnapMirror relationships
Ensure a common Snapshot copy in a mirror-vault deployment
Compatible ONTAP versions for SnapMirror relationships
SnapMirror limitations
Archive and compliance using SnapLock technology
What SnapLock is
Configure SnapLock
Overview
Initialize the Compliance Clock
Create a SnapLock aggregate
Create and mount a SnapLock volume
Set the retention time
Create an audit log
Verify SnapLock settings
Manage WORM files
Overview
Commit files to WORM
Commit snapshots to WORM on a vault destination
Mirror WORM files for disaster recovery
Retain WORM files during litigation
Delete WORM files
Move a SnapLock volume
Tamperproof snapshot locking
SnapLock APIs
Consistency groups
Overview
Limits
Configure a single consistency group
Configure a hierarchical consistency group
Protect
Modify
Modify geometry
Modify application and component tags
Clone
Delete
SnapMirror active sync
Introduction
Overview
Architecture
Use cases
Deployment strategy
Plan
Prerequisites
Interoperability
Limits
Configure
Configure ONTAP Mediator and clusters
Configure protection
Convert to SnapMirror active sync
Convert to symmetric active/active
Manage SnapMirror active sync and protect data
Create a common snapshot copy
Perform a planned failover
Recover from automatic unplanned failover operations
Monitor SnapMirror active sync
Add and remove volumes to a consistency group
Upgrade and revert
Remove a SnapMirror active sync configuration
Remove ONTAP Mediator
Troubleshoot
SnapMirror delete operation fails in takeover state
Failure creating a SnapMirror relationship and initializing consistency group
Planned failover unsuccessful
Mediator not reachable or Mediator quorum status is false
Automatic unplanned failover not triggered on Site B
Link between Site B and Mediator down and Site A down
Link between Site A to Mediator Down and Site B down
SnapMirror delete operation fails when fence is set on destination volumes
Volume move operation stuck when primary site is down
Release operation fails when unable to delete Snapshot copy
Volume move reference Snapshot copy shows as the newest
Mediator service for MetroCluster and SnapMirror active sync
Overview
What's new
Install or upgrade
Prepare to install or upgrade
Upgrade host OS and Mediator
Enable access to repositories
Download install package
Verify code signature
Install Mediator package
Verify installation
Post-installation configuration
Manage the Mediator service
Host maintenance
MetroCluster IP site management with System Manager
Data protection using tape backup
Tape backup overview
Tape backup and restore workflow
Use cases for choosing a tape backup engine
Manage tape drives
Overview
Commands for managing tape drives, media changers, and tape drive operations
Use a nonqualified tape drive
Assign tape aliases
Remove tape aliases
Enable or disable tape reservations
Commands for verifying tape library connections
About tape drives
Qualified tape drives overview
Format of the tape configuration file
How the storage system qualifies a new tape drive dynamically
Tape devices overview
Overview
Tape device name format
Supported number of simultaneous tape devices
Tape aliasing
Overview
What physical path names are
What serial numbers are
Considerations when configuring multipath tape access
How you add tape drives and libraries to storage systems
What tape reservations are
Transfer data using ndmpcopy
Overview
Options for the ndmpcopy command
NDMP for FlexVol volumes
About NDMP for FlexVol volumes
About NDMP modes of operation
Overview
What node-scoped NDMP mode is
What SVM-scoped NDMP mode is
Considerations when using NDMP
Environment variable
Overview
Environment variables supported by ONTAP
Common NDMP tape backup topologies
Supported NDMP authentication methods
NDMP extensions supported by ONTAP
NDMP restartable backup extension for a dump supported by ONTAP
What enhanced DAR functionality is
Scalability limits for NDMP sessions
About NDMP for FlexGroup volumes
About NDMP with SnapLock volumes
Manage node-scoped NDMP mode for FlexVol volumes
Overview
Commands for managing node-scoped NDMP mode
User authentication in a node-scoped NDMP mode
Manage SVM-scoped NDMP mode for FlexVol volumes
Overview
Commands for managing SVM-scoped NDMP mode
What Cluster Aware Backup extension does
Availability of volumes and tape devices for backup and restore on different LIF types
What affinity information is
NDMP server supports secure control connections in SVM-scoped mode
NDMP data connection types
User authentication in the SVM-scoped NDMP mode
Generate an NDMP-specific password for NDMP users
How tape backup and restore operations are affected during disaster recovery in MetroCluster configuration
About dump engine for FlexVol volumes
About
How a dump backup works
Types of data that the dump engine backs up
What increment chains are
What the blocking factor is
When to restart a dump backup
How a dump restore works
Types of data that the dump engine restores
Considerations before restoring data
Scalability limits for dump backup and restore sessions
Tape backup and restore support between Data ONTAP operating in 7-Mode and ONTAP
Delete restartable contexts
How dump works on a SnapVault secondary volume
How dump works with storage failover and ARL operations
How dump works with volume move
How dump works when a FlexVol volume is full
How dump works when volume access type changes
How dump works with SnapMirror single file or LUN restore
How dump backup and restore operations are affected in MetroCluster configurations
About SMTape engine for FlexVol volumes
About
Use Snapshot copies during SMTape backup
SMTape capabilities
Features not supported in SMTape
Scalability limits for SMTape backup and restore sessions
What tape seeding is
How SMTape works with storage failover and ARL operations
How SMTape works with volume move
How SMTape works with volume rehost operations
How NDMP backup policy are affected during ADB
How SMTape backup and restore operations are affected in MetroCluster configurations
Monitor tape backup and restore operations for FlexVol volumes
Overview
Access the event log files
What the dump and restore event log message format is
Overview
What logging events are
What dump events are
What restore events are
Enable or disable event logging
Error messages for tape backup and restore of FlexVol volumes
Backup and restore error messages
Resource limitation: no available thread
Tape reservation preempted
Could not initialize media
Maximum number of allowed dumps or restores (maximum session limit) in progress
Media error on tape write
Tape write failed
Tape write failed - new tape encountered media error
Tape write failed - new tape is broken or write protected
Tape write failed - new tape is already at the end of media
Tape write error
Media error on tape read
Tape read error
Already at the end of tape
Tape record size is too small. Try a larger size.
Tape record size should be block_size1 and not block_size2
Tape record size must be in the range between 4KB and 256KB
NDMP error messages
Network communication error
Message from Read Socket: error_string
Message from Write Dirnet: error_string
Read Socket received EOF
ndmpd invalid version number: version_number ``
ndmpd session session_ID not active
Could not obtain vol ref for Volume volume_name
Data connection type ["NDMP4_ADDR_TCP"|"NDMP4_ADDR_TCP_IPv6"] not supported for ["IPv6"|"IPv4"] control connections
DATA LISTEN: CAB data connection prepare precondition error
DATA CONNECT: CAB data connection prepare precondition error
Error:show failed: Cannot get password for user '<username>'
Dump error messages
Destination volume is read-only
Destination qtree is read-only
Dumps temporarily disabled on volume, try again
NFS labels not recognized
No files were created
Restore of the file <file name> failed
Truncation failed for src inode <inode number>…
Unable to lock a snapshot needed by dump
Unable to locate bitmap files
Volume is temporarily in a transitional state
SMTape error messages
Chunks out of order
Chunk format not supported
Failed to allocate memory
Failed to get data buffer
Failed to find snapshot
Failed to create snapshot
Failed to lock snapshot
Failed to delete snapshot
Failed to get latest snapshot
Failed to load new tape
Failed to initialize tape
Failed to initialize restore stream
Failed to read backup image
Image header missing or corrupted
Internal assertion
Invalid backup image magic number
Invalid backup image checksum
Invalid input tape
Invalid volume path
Mismatch in backup set ID
Mismatch in backup time stamp
Job aborted due to shutdown
Job aborted due to Snapshot autodelete
Tape is currently in use by other operations
Tapes out of order
Transfer failed (Aborted due to MetroCluster operation)
Transfer failed (ARL initiated abort)
Transfer failed (CFO initiated abort)
Transfer failed (SFO initiated abort)
Underlying aggregate under migration
Volume is currently under migration
Volume offline
Volume not restricted
NDMP configuration
Overview
Workflow
Prepare for NDMP configuration
Verify tape device connections
Enable tape reservations
Configure SVM-scoped NDMP
Enable SVM-scoped NDMP on the cluster
Enable a backup user for NDMP authentication
Configure LIFs
Configure node-scoped NDMP
Enable node-scoped NDMP on the cluster
Configure a LIF
Configure the backup application
Replication between NetApp Element software and ONTAP
Event, performance, and health monitoring
Monitor cluster performance with System Manager
Overview
Dashboard tour
Identify hot objects
Modify QoS
Monitor risks with Digital Advisor
System Manager insights
Gain insights to help optimize your system
Configure native FPolicy
Monitor and manage cluster performance using the CLI
Overview
Monitor performance
Workflow
Verify that your VMware environment is supported
Active IQ Unified Manager worksheet
Install Active IQ Unified Manager
Download and deploy Active IQ Unified Manager
Configure initial Active IQ Unified Manager settings
Specify the clusters to be monitored
Set up basic monitoring tasks
Perform daily monitoring
Use weekly and monthly performance trends to identify performance issues
Use performance thresholds to generate event notifications
Set performance thresholds
Add alerts
Configure alert settings
Identify performance issues in Active IQ Unified Manager
Use Digital Advisor to view system performance
Manage performance issues
Workflow
Perform basic infrastructure checks
Check protocol settings on the storage system
Check the NFS TCP maximum transfer size
Check the iSCSI TCP read/write size
Check the CIFS multiplex settings
Check the FC adapter port speed
Check the network settings on the data switches
Check the MTU network setting on the storage system
Check disk throughput and latency
Check throughput and latency between nodes
Manage workloads
Identify remaining performance capacity
Identify high-traffic clients or files
Guarantee throughput with QoS
Overview
Enable or disable throughput floors v2
Storage QoS workflow
Set a throughput ceiling with QoS
Set a throughput floor with QoS
Use adaptive QoS policy groups
Set adaptive policy group template
Monitor cluster performance with Unified Manager
Monitor cluster performance with Cloud Insights
Audit logging
How ONTAP implements audit logging
Changes to audit logging in ONTAP 9
Display audit log contents
Manage audit GET request settings
Manage audit log destinations
AutoSupport
Learn about AutoSupport
About AutoSupport
About Digital Advisor and AutoSupport
When and where AutoSupport messages are sent
How AutoSupport creates and sends event-triggered messages
Types of AutoSupport messages and their content
View AutoSupport subsystems
AutoSupport size and time budgets
Files sent in event-triggered AutoSupport messages
Log files sent in AutoSupport messages
Files sent in weekly AutoSupport messages
How AutoSupport OnDemand obtains delivery instructions from technical support
Structure of AutoSupport messages sent by email
AutoSupport severity types
Get AutoSupport message descriptions
Commands for managing AutoSupport
Information included in the AutoSupport manifest
Plan
Prepare to use AutoSupport
Set up AutoSupport
Configure
Manage AutoSupport settings
Suppress AutoSupport case creation during scheduled maintenance windows
Upload files using AutoSupport
Upload core dump files
Upload performance archive files
Troubleshoot
Troubleshoot AutoSupport when messages are not received
Troubleshoot AutoSupport message delivery over HTTPS
Troubleshoot AutoSupport message delivery over SMTP
Troubleshoot the AutoSupport subsystem
Health monitoring
Overview
How health monitoring works
Ways to respond to system health alerts
System health alert customization
How health alerts trigger AutoSupport messages and events
Available cluster health monitors
Receive system health alerts automatically
Respond to degraded system health
Example of responding to degraded system health
Configure discovery of cluster and management network switches
Verify the monitoring of cluster and management network switches
Commands for monitoring the health of your system
Display environmental information
File System Analytics
Overview
Enable File System Analytics
View activity on a file system
Enable Activity Tracking
Enable usage analytics
Take corrective action based on analytics
Role-based access control
Considerations
EMS configuration
Overview
Configure EMS event notifications with System Manager
Configure EMS event notifications with the CLI
Workflow
Configure EMS events to send email notifications
Configure EMS events to forward notifications to a syslog server
Configure SNMP traphosts to receive event notifications
Configure EMS events to forward notifications to a webhook application
Update deprecated EMS event mapping
EMS event mapping models
Update EMS event mapping from deprecated ONTAP commands
ONTAP manual pages
Legal notices