Request doc changes
Edit this page
Learn how to contribute-
PDF of this doc site
-
Set up, upgrade and revert ONTAP
-
Cluster administration
-
Cluster management with the CLI
-
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
NAS auditing and security tracing
-
-
Data protection and disaster recovery
-
Data protection with the CLI
-
-
Collection of separate PDF docs
Creating your file...
This may take a few minutes. Thanks for your patience.
Your file is ready
- ONTAP docs
- Release Notes
- System Manager integration with BlueXP
-
Introduction and concepts
-
ONTAP concepts
- Overview
- ONTAP platforms
- Cluster storage
- High-availability pairs
- AutoSupport and Active IQ Digital Advisor
-
Network architecture
- Client protocols
-
Disks and aggregates
- Volumes, qtrees, files, and LUNs
-
Storage virtualization
-
Path failover
- Load balancing
-
Replication
-
Storage efficiency
-
Security
- Application aware data management
-
ONTAP and the cloud
-
-
Set up, upgrade and revert ONTAP
-
Set up ONTAP
- Overview
- Set up a cluster with System Manager
-
Set up a cluster with the CLI
- Gather information
- Create the cluster on the first node
- Join remaining nodes to the cluster
- Convert management LIFs from IPv4 to IPv6
- Check your cluster with Active IQ Config Advisor
- Synchronize the system time across the cluster
- Commands for managing symmetric authentication on NTP servers
- Additional system configuration tasks to complete
-
Configure All SAN Array software
-
Upgrade ONTAP
- Overview
- Upgrade Paths
- Upgrade with Upgrade Advisor
-
Upgrade without Upgrade Advisor
-
What should I verify before I upgrade with or without Upgrade Advisor?
- Overview of pre-upgrade verifications
- Cluster health
- Storage health
- Reboot SP or BMC
- SVM routing configuration
- LIF failover configuration
- Status (HA, LDAP, DNS, MetroCluster networking and storage)
- All LIFs are on home ports
- Common configuration errors
-
Special considerations
- Summary of special considerations
- Mixed version clusters
- SAN configurations
-
MetroCluster configurations
- Advanced Data Partitioning
- Deduplicated volumes and aggregates
-
SnapMirror
- SnapLock
- Load-sharing mirrors in ONTAP 8.3
- NetApp Storage Encryption
- Netgroups
- LDAP clients using SSLv3
- Session-oriented protocols
- SSH public keys
- Dp-type relationships
- How do I get and install the upgrade software image?
-
Which upgrade method should I use?
-
What should I do after my upgrade?
- Overview of post-upgrade verifications
- Verify your cluster
- Verify all LIFs are on home ports
-
Verify special configurations
- Summary for verifications for special configurations
- Verify your network configuration
- Verify your networking and storage status
- Verify your SAN configuration
- Reconfigure KMIP server connections
- Relocate moved load-sharing mirror source volumes
- Resume SnapMirror operations
- Set the desired NT ACL permissions display level for NFS clients
- Enforce SHA-2 on administrator passwords
- Change in user accounts that can access the Service Processor
- Remove EMS LIF service from network service polices
- Update the DQP
-
Firmware and system updates
-
Revert ONTAP
- Overview
- Do I need technical support?
- What are the revert paths?
-
What should I read before I revert?
- What should I verify before I revert?
-
What else should I check before I revert?
- How do I get and install the revert software image?
- Revert my cluster
-
What should I do after reverting my cluster?
- Verify cluster and storage health
- Enable automatic switchover for MetroCluster configurations
- Enable and revert LIFs to home ports
- Enable Snapshot copy policies
- Verify client access (SMB and NFS)
- Verify IPv6 firewall entries
- Revert password hash function
- Maually update SP firmware
- Verify user accounts that can access the Service Processor
-
-
Cluster administration
-
Cluster management with System Manager
- Administration overview
- Use System Manager to access a Cluster
- Enable new features
- View and submit support cases
- Manage maximum capacity limit of a storage VM
- Monitor capacity with System Manager
- Monitor risks with Active IQ Digital Advisor
- Gain insights to help optimize your system
- View hardware configurations and determine problems
-
Manage nodes
-
Cluster management with the CLI
- Overview
-
Cluster and SVM administrators
-
ONTAP management interface basics
-
Access the cluster by using the CLI (cluster administrators only)
-
Use the ONTAP command-line interface
- Overview
-
About the different shells for CLI commands (cluster administrators only)
- Methods of navigating CLI command directories
- Rules for specifying values in the CLI
- Methods of viewing command history and reissuing commands
- Keyboard shortcuts for editing CLI commands
- Use of administrative privilege levels
- Set the privilege level in the CLI
- Set display preferences in the CLI
- Methods of using query operators
- Methods of using extended queries
- Methods of customizing show command output by using fields
- About positional parameters
- Methods of accessing ONTAP man pages
-
Manage CLI sessions (cluster administrators only)
-
-
Use the ONTAP command-line interface
-
About the different shells for CLI commands (cluster administrators only)
- Methods of navigating CLI command directories
- Rules for specifying values in the CLI
- Methods of viewing command history and reissuing commands
- Keyboard shortcuts for editing CLI commands
- Use of administrative privilege levels
- Set the privilege level in the CLI
- Set display preferences in the CLI
- Methods of using query operators
- Methods of using extended queries
- Methods of customizing show command output by using fields
- About positional parameters
- Methods of accessing ONTAP man pages
-
-
Cluster management basics (cluster administrators only)
-
Manage nodes
- Display node attributes
- Modify node attributes
- Rename a node
- Add nodes to the cluster
- Remove nodes from the cluster
- Access a node’s log, core dump, and MIB files by using a web browser
- Access the system console of a node
-
Rules governing node root volumes and root aggregates
-
Start or stop a node
- Manage a node by using the boot menu
-
Manage a node remotely using the SP/BMC
- Overview
- About the SP
- What the Baseboard Management Controller does
-
Configure the SP/BMC network
- Methods of managing SP/BMC firmware updates
- When the SP/BMC uses the network interface for firmware updates
-
Access the SP/BMC
- Use online help at the SP/BMC CLI
- Commands to manage a node remotely
- About the threshold-based SP sensor readings and status values of the system sensors command output
- About the discrete SP sensor status values of the system sensors command output
- Commands for managing the SP from ONTAP
- ONTAP commands for BMC management
- BMC CLI commands
-
Manage audit logging for management activities
- Manage the cluster time (cluster administrators only)
- Commands for managing the cluster time
-
Manage the banner and MOTD
-
Manage licenses (cluster administrators only)
-
Manage jobs and schedules
-
Back up and restore cluster configurations (cluster administrators only)
- Manage core dumps (cluster administrators only)
- Commands for managing core dumps
-
Monitor a storage system
- Use AutoSupport and Active IQ Digital Advisor
- Manage AutoSupport with System Manager
-
Manage AutoSupport with the CLI
- Overview
- When and where AutoSupport messages are sent
- How AutoSupport creates and sends event-triggered messages
- Types of AutoSupport messages and their content
- What AutoSupport subsystems are
- AutoSupport size and time budgets
- Files sent in event-triggered AutoSupport messages
- Log files sent in AutoSupport messages
- Files sent in weekly AutoSupport messages
- How AutoSupport OnDemand obtains delivery instructions from technical support
- Structure of AutoSupport messages sent by email
- AutoSupport severity types
- Requirements for using AutoSupport
- Set up AutoSupport
- Upload core dump files
- Upload performance archive files
- Get AutoSupport message descriptions
- Commands for managing AutoSupport
- Information included in the AutoSupport manifest
- AutoSupport case suppression during scheduled maintenance windows
-
Troubleshoot AutoSupport
-
Monitor the health of your system
- Overview
- How health monitoring works
- Ways to respond to system health alerts
- System health alert customization
- How health alerts trigger AutoSupport messages and events
- Available cluster health monitors
- Receive system health alerts automatically
- Respond to degraded system health
- Example of responding to degraded system health
- Configure discovery of cluster and management network switches
- Verify the monitoring of cluster and management network switches
- Commands for monitoring the health of your system
- Display environmental information
-
Manage access to web services
-
Verify the identity of remote servers using certificates
-
Disk and tier (aggregate) management
- Overview
-
Manage local tiers (aggregates)
- Overview
-
Prepare to add a local tier (aggregate)
-
Add (create) a local tier (aggregate)
-
Manage the use of local tiers (aggregates)
- Overview
- Rename a local tier (aggregate)
- Set media cost of a local tier (aggregate)
- Determine drive and RAID group information for a local tier (aggregate)
- Assign local tiers (aggregates) to storage VMs (SVMs)
- Determine which volumes reside on a local tier (aggregate)
- Determine and control a volume’s space usage in a local tier (aggregate)
- Determine space usage in a local tier (aggregate)
- Relocate local tier (aggregate) ownership within an HA pair
- Delete a local tier (aggregate)
- Commands for relocating local tiers (aggregates)
- Commands for managing local tiers (aggregates)
-
Add capacity (disks) to a local tier (aggregate)
-
Manage disks
- Overview
- How hot spare disks work
- How low spare warnings can help you manage your spare disks
- Additional root-data partitioning management options
- When you need to update the Disk Qualification Package
-
Disk and partition ownership
- Overview
- About auto-assignment of disk ownership
- Display disk and partition ownership
- Change auto-assignment settings for disk ownership
- Manually assign ownership of disks
- Manually assign ownership of partitioned disks
- Set up an active-passive configuration on nodes using root-data partitioning
- Set up an active-passive configuration on nodes using root-data-data partitioning
- Remove ownership from a disk
- Remove a failed disk
-
Disk sanitization
- Commands for managing disks
- Commands for displaying space usage information
- Commands for displaying information about storage shelves
-
Manage RAID configurations
-
Manage Flash Pool local tiers (aggregates)
- Overview
- Flash Pool local tier (aggregate) caching policies
-
Manage Flash Pool caching policies
- Flash Pool SSD partitioning for Flash Pool local tiers (aggregates) using storage pools
- Flash Pool candidacy and optimal cache size
- Create a Flash Pool local tier (aggregate) using physical SSDs
-
Create a Flash Pool local tier (aggregate) using SSD storage pools
- Overview
- Determine whether a Flash Pool local tier (aggregate) is using an SSD storage pool
- Add cache by adding an SSD storage pool
- Create a Flash Pool using SSD storage pool allocation units
- Determine the impact to cache size of adding SSDs to an SSD storage pool
- Add SSDs to an SSD storage pool
- Commands for managing SSD storage pools
-
FabricPool tier management
- Overview
- Benefits of storage tiers by using FabricPool
- Considerations and requirements for using FabricPool
- About FabricPool tiering policies
- FabricPool management workflow
-
Configure FabricPool
-
Prepare for FabricPool configuration
- Overview
- Add a connection to the cloud
- Install a FabricPool license
- Install a CA certificate if you use StorageGRID
- Install a CA certificate if you use ONTAP S3
-
Set up an object store as the cloud tier for FabricPool
- Overview
- Set up StorageGRID as the cloud tier
- Set up ONTAP S3 as the cloud tier
- Set up Alibaba Cloud Object Storage as the cloud tier
- Set up AWS S3 as the cloud tier
- Specify the AWS S3 configuration information
- Set up Google Cloud Storage as the cloud tier
- Set up IBM Cloud Object Storage as the cloud tier
- Set up Azure Blob Storage for the cloud as the cloud tier
- Set up object stores for FabricPool in a MetroCluster configuration
- Attach the cloud tier to an aggregate
- Tier data to local bucket
-
-
Manage FabricPool
- Overview
- Determine how much data in a volume is inactive by using inactive data reporting
-
Add or move volumes to FabricPool as needed
-
Object tagging using user-created custom tags
- Monitor the space utilization for FabricPool
- Manage storage tiering by modifying a volume’s tiering policy or tiering minimum cooling period
- Archive volumes with FabricPool (video)
- Use cloud migration controls to override a volume’s default tiering policy
-
Promote data to the performance tier
-
Manage FabricPool mirrors
- Commands for managing aggregates with FabricPool
-
SVM data mobility
-
HA pair management
- Overview
- How hardware-assisted takeover works
- How automatic takeover and giveback works
- Automatic takeover commands
- Automatic giveback commands
- Manual takeover commands
- Manual giveback commands
- Testing takeover and giveback
- Commands for monitoring an HA pair
- Commands for enabling and disabling storage failover
- Halt or reboot a node without initiating takeover
-
Rest API management with System Manager
-
-
Volume administration
-
Volume and LUN management with System Manager
- Overview
- Manage volumes
- Add a volume
- Add LUNs
- Expand volumes and LUNs
- Recover deleted volumes
- Save storage space
- Balance load by moving LUNs
- Balance loads by moving volumes to another tier
- Use Ansible Playbooks to add or edit volumes or LUNs
- Manage storage efficiency policies
- Manage resources using quotas
- Limit resource use
- Clone data with FlexClone
- Search, filter, and sort
- Capacity measurements
-
Logical storage management with the CLI
- Overview
-
Create and manage volumes
- Create a volume
-
SAN volumes
- About
- Configure volume provisioning options
- Determine space usage in a volume or aggregate
- Delete Snapshot copies automatically
- Configure volumes to automatically provide more space when they are full
- Configure volumes to automatically grow and shrink their size
- Requirements for enabling both autoshrink and automatic Snapshot copy deletion
- How the autoshrink functionality interacts with Snapshot copy deletion
- Address FlexVol volume fullness and overallocation alerts
- Address aggregate fullness and overallocation alerts
- Considerations for setting fractional reserve
- Display file or inode usage
- Control and monitoring I/O performance to FlexVol volumes by using Storage QoS
- Delete a FlexVol volume
- Protection against accidental volume deletion
-
Delete directories
- Commands for managing FlexVol volumes
- Commands for displaying space usage information
-
Move and copy volumes
-
Use FlexClone volumes to create efficient copies of your FlexVol volumes
-
Use FlexClone files and FlexClone LUNs to create efficient copies of files and LUNs
- Overview
- Create a FlexClone file or FlexClone LUN
- View node capacity for creating and deleting FlexClone files and FlexClone LUNs
- View the space savings due to FlexClone files and FlexClone LUNs
- Methods to delete FlexClone files and FlexClone LUNs
-
How a FlexVol volume can reclaim free space with autodelete setting
-
Use qtrees to partition your FlexVol volumes
-
Logical space reporting and enforcement for volumes
-
Use quotas to restrict or track resource usage
-
Overview of the quota process
- Quota process
- Differences among hard, soft, and threshold quotas
- About quota notifications
- Why you use quotas
- What quota rules, quota policies, and quotas are
- Quota targets and types
-
Special kinds of quotas
- How quotas are applied
- Considerations for assigning quota policies
-
How quotas work with users and groups
- Overview
- How you specify UNIX users for quotas
- How you specify Windows users for quotas
- How default user and group quotas create derived quotas
- How quotas are applied to the root user
- How quotas work with special Windows groups
- How quotas are applied to users with multiple IDs
- How ONTAP determines user IDs in a mixed environment
- How quotas with multiple users work
- How you link UNIX and Windows names for quotas
- How quotas work with qtrees
-
How tree quotas work
-
How qtree changes affect quotas
-
How quotas are activated
-
How you can view quota information
- Overview
- How you can use the quota report to see what quotas are in effect
- Why enforced quotas differ from configured quotas
- Use the quota report to determine which quotas limit writes to a specific file
- Commands for displaying information about quotas
- When to use the volume quota policy rule show and volume quota report commands
-
Difference in space usage displayed by a quota report and a UNIX client
- Examples of quota configuration
- Set up quotas on an SVM
- Modify (or Resizing) quota limits
- Reinitialize quotas after making extensive changes
- Commands to manage quota rules and quota policies
- Commands to activate and modify quotas
-
-
Use deduplication, data compression, and data compaction to increase storage efficiency
- Overview
- Enable deduplication on a volume
- Disable deduplication on a volume
- Manage automatic volume-level background deduplication on AFF systems
- Manage aggregate-level inline deduplication on AFF systems
- Manage aggregate-level background deduplication on AFF systems
- Temperature-sensitive storage efficiency overview
- Set storage efficiency modes
- Check volume efficiency mode
- Change volume efficiency mode
- View temperature sensitive storage efficiency physical footprint savings
- Enable data compression on a volume
- Move between secondary compression and adaptive compression
- Disable data compression on a volume
- Manage inline data compaction for AFF systems
- Enable inline data compaction for FAS systems
- Inline storage efficiency enabled by default on AFF systems
- Enable storage efficiency visualization
-
Create a volume efficiency policy to run efficiency operations
-
Manage volume efficiency operations manually
-
Manage volume efficiency operations using schedules
-
Monitor volume efficiency operations
- Stop volume efficiency operations
- Information about removing space savings from a volume
-
Rehost a volume from one SVM to another SVM
- Storage limits
-
Recommended volume and file or LUN configuration combinations
- Overview
- Determine the correct volume and LUN configuration combination for your environment
- Configuration settings for space-reserved files or LUNs with thick-provisioned volumes
- Configuration settings for non-space-reserved files or LUNs with thin-provisioned volumes
- Configuration settings for space-reserved files or LUNs with semi-thick volume provisioning
-
Cautions and considerations for changing file or directory capacity
-
Features supported with FlexClone files and FlexClone LUNs
- Overview
- How deduplication works with FlexClone files and FlexClone LUNs
- How Snapshot copies work with FlexClone files and FlexClone LUNs
- How access control lists work with FlexClone files and FlexClone LUNs
- How quotas work with FlexClone files and FlexClone LUNs
- How FlexClone volumes work with FlexClone files and FlexClone LUNs
- How NDMP works with FlexClone files and FlexClone LUNs
- How volume SnapMirror works with FlexClone files and FlexClone LUNs
- How volume move affects FlexClone files and FlexClone LUNs
- How space reservation works with FlexClone files and FlexClone LUNs
- How an HA configuration works with FlexClone files and FlexClone LUNs
- FlexGroup volumes management with System Manager
-
FlexGroup volumes management with the CLI
- Overview
- What a FlexGroup volume is
- Supported and unsupported configurations for FlexGroup volumes
-
FlexGroup volume setup
-
Manage FlexGroup volumes
- Monitor the space usage of a FlexGroup volume
- Increase the size of a FlexGroup volume
- Reduce the size of a FlexGroup volume
- Configure FlexGroup volumes to automatically grow and shrink their size
- Delete directories rapidly on a cluster
- Manage client rights to delete directories rapidly
- Create qtrees with FlexGroup volumes
- Use quotas for FlexGroup volumes
- Enable storage efficiency on a FlexGroup volume
- Protect FlexGroup volumes using Snapshot copies
- Move the constituents of a FlexGroup volume
- Use aggregates in FabricPool for existing FlexGroup volumes
- Rebalance FlexGroup volumes
-
Data protection for FlexGroup volumes
- Workflow
- Create a SnapMirror relationship for FlexGroup volumes
- Create a SnapVault relationship for FlexGroup volumes
- Create a unified data protection relationship for FlexGroup volumes
- Create an SVM disaster recovery relationship for FlexGroup volumes
- Transition an existing FlexGroup SnapMirror relationship to SVM DR
- Convert a FlexVol volume to a FlexGroup volume within an SVM-DR relationship
- Considerations for creating SnapMirror cascade and fanout relationships for FlexGroups
- Considerations for creating a SnapVault backup relationship and a unified data protection relationship for FlexGroup volumes
- Monitor SnapMirror data transfers for FlexGroup volumes
-
Manage data protection operations for FlexGroup volumes
-
Convert FlexVol volumes to FlexGroup volumes
- FlexCache volumes management with System Manager
-
FlexCache volumes management with the CLI
-
-
Network management
-
Manage your network with System Manager
-
Set up NAS path failover with the CLI
-
Manage your network with the CLI
- Network management overview
-
Upgrade considerations
-
Networking components of a cluster
-
Configure network ports (cluster administrators only)
- Overview
- Combine physical ports to create interface groups
- Configure VLANs over physical ports
- Modify network port attributes
- Modify MTU setting for interface group ports
- Monitor the health of network ports
- Monitor the reachability of network ports in ONTAP 9.8 and later
- Convert 40GbE NIC ports into multiple 10GbE ports for 10GbE connectivity
- Removing a NIC from the node on ONTAP 9.7 or earlier
- Removing a NIC from the node on ONTAP 9.8 or later
-
Configure IPspaces (cluster administrators only)
-
Configure broadcast domains (cluster administrators only)
-
ONTAP 9.8 and later
- About broadcast domains for ONTAP 9.8 and later
- Example of using broadcast domains
- Add a broadcast domain
- Add or remove ports from a broadcast domain
- Split broadcast domains
- Merge broadcast domains
- Change the MTU value for ports in a broadcast domain
- Display broadcast domains
- Delete a broadcast domain
-
ONTAP 9.7 and earlier
- About broadcast domains for ONTAP 9.7 and earlier
- Example of using broadcast domains
- Create a broadcast domain
- Add or remove ports from a broadcast domain
- Split broadcast domains
- Merge broadcast domains
- Change the MTU value for ports in a broadcast domain
- Display broadcast domains
- Delete a broadcast domain
-
-
Configure failover groups and policies for LIFs
-
Configure subnets (cluster administrators only)
-
Configure LIFs (cluster administrators only)
- Overview
- LIF compatibility with port types
- LIF roles in ONTAP 9.5 and earlier
- LIFs and service policies
- Configure LIF service policies
- Create a LIF
- Modify a LIF
- Migrate a LIF
- Revert a LIF to its home port
- ONTAP 9.8 or later-Recover from an incorrectly configured cluster LIF
- Delete a LIF
- Configure virtual IP (VIP) LIFs
-
Configure host-name resolution
-
Balance network loads to optimize user traffic (cluster administrators only)
-
Secure your network
-
Configure QoS marking (cluster administrators only)
-
Manage SNMP on the cluster (cluster administrators only)
-
Manage routing in an SVM
-
ONTAP port usage on a storage system
-
View network information
- Overview
- Display network port information
- Display information about a VLAN (cluster administrators only)
- Display interface group information (cluster administrators only)
- Display LIF information
- Display routing information
- Display DNS host table entries (cluster administrators only)
- Display DNS domain configurations
- Display information about failover groups
- Display LIF failover targets
- Display LIFs in a load balancing zone
- Display cluster connections
- Commands for diagnosing network problems
- Display network connectivity with neighbor discovery protocols
-
-
NAS storage management
-
Manage NAS protocols with System Manager
- NAS storage overview
- VMware datastores
- Home directories
- Linux servers
- Export policies
- Windows servers
- Both Windows and Linux
- Secure client access with Kerberos
- Provide client access with name services
- Manage directories and files
- Manage host-specific users and groups
- Monitor NFS active clients
-
Enable NAS storage
-
Configure NFS with the CLI
- Overview
- Workflow
-
Preparation
-
Configure NFS access to an SVM
- Create an SVM
- Verify that the NFS protocol is enabled on the SVM
- Open the export policy of the SVM root volume
- Create an NFS server
- Create a LIF
- Enable DNS for host-name resolution
-
Configure name services
-
Use Kerberos with NFS for strong security
-
Add storage capacity to an NFS-enabled SVM
- Where to find additional information
-
How ONTAP exports differ from 7-Mode exports
-
Manage NFS with the CLI
- Overview
-
Understand NAS file access
-
Create and manage data volumes in NAS namespaces
-
Configure security styles
-
Set up file access using NFS
- Overview
-
Secure NFS access using export policies
- How export policies control client access to volumes or qtrees
- Default export policy for SVMs
- How export rules work
- Manage clients with an unlisted security type
- How security types determine client access levels
- Manage superuser access requests
- How ONTAP uses export policy caches
- How the access cache works
- How access cache parameters work
- Removing an export policy from a qtree
- Validating qtree IDs for qtree file operations
- Export policy restrictions and nested junctions for FlexVol volumes
-
Using Kerberos with NFS for strong security
-
Configure name services
-
Configure name mappings
- Enable access for Windows NFS clients
- Enable the display of NFS exports on NFS clients
-
Manage file access using NFS
- Enable or disable NFSv3
- Enable or disable NFSv4.0
- Enable or disable NFSv4.1
- Manage NFSv4 storepool limits
- Enable or disable pNFS
- Controlling NFS access over TCP and UDP
- Controlling NFS requests from nonreserved ports
- Handling NFS access to NTFS volumes or qtrees for unknown UNIX users
- Considerations for clients that mount NFS exports using a nonreserved port
- Performing stricter access checking for netgroups by verifying domains
- Modifying ports used for NFSv3 services
- Commands for managing NFS servers
- Troubleshooting name service issues
- Verifying name service connections
- Commands for managing name service switch entries
- Commands for managing name service cache
- Commands for managing name mappings
- Commands for managing local UNIX users
- Commands for managing local UNIX groups
- Limits for local UNIX users, groups, and group members
- Manage limits for local UNIX users and groups
- Commands for managing local netgroups
- Commands for managing NIS domain configurations
- Commands for managing LDAP client configurations
- Commands for managing LDAP configurations
- Commands for managing LDAP client schema templates
- Commands for managing NFS Kerberos interface configurations
- Commands for managing NFS Kerberos realm configurations
- Commands for managing export policies
- Commands for managing export rules
-
Configure the NFS credential cache
-
Manage export policy caches
-
Manage file locks
- How FPolicy first-read and first-write filters work with NFS
- Modifying the NFSv4.1 server implementation ID
-
Manage NFSv4 ACLs
-
Manage NFSv4 file delegations
-
Configure NFSv4 file and record locking
- How NFSv4 referrals work
- Enable or disable NFSv4 referrals
- Displaying NFS statistics
- Displaying DNS statistics
- Displaying NIS statistics
- Support for VMware vStorage over NFS
- Enable or disable VMware vStorage over NFS
- Enable or disable rquota support
- NFSv3 and NFSv4 performance improvement by modifying the TCP transfer size
- Modifying the NFSv3 and NFSv4 TCP maximum transfer size
- Configure the number of group IDs allowed for NFS users
- Controlling root user access to NTFS security-style data
-
Supported NFS versions and clients
-
NFS and SMB file and directory naming dependencies
- Overview
- Characters a file or directory name can use
- Case-sensitivity of file and directory names in a multiprotocol environment
- How ONTAP creates file and directory names
- How ONTAP handles multi-byte file, directory, and qtree names
- Configure character mapping for SMB file name translation on volumes
- Commands for managing character mappings for SMB file name translation
-
Manage NFS over RDMA
-
Configure SMB with the CLI
- Overview
- Workflow
-
Preparation
-
Configure SMB access to an SVM
- Overview
- Create an SVM
- Verify that the SMB protocol is enabled on the SVM
- Open the export policy of the SVM root volume
- Create a LIF
- Enable DNS for host-name resolution
-
Set up an SMB server in an Active Directory domain
-
Set up an SMB server in a workgroup
- Verify enabled SMB versions
- Map the SMB server on the DNS server
-
Configure SMB client access to shared storage
-
Manage SMB with the CLI
- Overview
-
SMB server support
-
Manage SMB servers
- Modify SMB servers
-
Use options to customize SMB servers
-
Manage SMB server security settings
- How ONTAP handles SMB client authentication
- Guidelines for SMB server security settings in an SVM disaster recovery configuration
- Display information about CIFS server security settings
- Enable or disable required password complexity for local SMB users
- Modify the CIFS server Kerberos security settings
- Set the CIFS server minimum authentication security level
- Configure strong security for Kerberos-based communication by using AES encryption
- Enable or disable AES encryption for Kerberos-based communication
-
Use SMB signing to enhance network security
- Overview
- How SMB signing policies affect communication with a CIFS server
- Performance impact of SMB signing
- Recommendations for configuring SMB signing
- Guidelines for SMB signing when multiple data LIFS are configured
- Enable or disable required SMB signing for incoming SMB traffic
- Determining whether SMB sessions are signed
- Monitor SMB signed session statistics
-
Configure required SMB encryption on SMB servers for data transfers over SMB
-
Secure LDAP session communication
- Configure SMB Multichannel for performance and redundancy
-
Configure default Windows user to UNIX user mappings on the SMB server
- Display information about what types of users are connected over SMB sessions
- Command options to limit excessive Windows client resource consumption
-
Improve client performance with traditional and lease oplocks
-
Apply Group Policy Objects to SMB servers
- Overview
- Supported GPOs
- Requirements for using GPOs with your CIFS server
- Enable or disable GPO support on a SMB server
-
How GPOs are updated on the SMB server
- Manually updating GPO settings on the CIFS server
- Display information about GPO configurations
- Display detailed information about restricted group GPOs
- Display information about central access policies
- Display information about central access policy rules
- Commands for managing CIFS servers computer account passwords
-
Manage domain controller connections
-
Use null sessions to access storage in non-Kerberos environments
-
Manage NetBIOS aliases for SMB servers
-
Manage miscellaneous SMB server tasks
-
Use IPv6 for SMB access and SMB services
-
Set up file access using SMB
-
Configure security styles
-
Create and manage data volumes in NAS namespaces
-
Configure name mappings
-
Configure multidomain name-mapping searches
-
Create and configure SMB shares
- Overview
- What the default administrative shares are
- SMB share naming requirements
- Directory case-sensitivity requirements when creating shares in a multiprotocol environment
-
Use SMB share properties
- Optimize SMB user access with the force-group share setting
- Create an SMB share with the force-group share setting
- View information about SMB shares using the MMC
- Commands for managing SMB shares
-
Secure file access by using SMB share ACLs
-
Secure file access by using file permissions
-
Secure file access by using Dynamic Access Control (DAC)
- Overview
- Supported Dynamic Access Control functionality
- Considerations when using Dynamic Access Control and central access policies with CIFS servers
- Enable or disable Dynamic Access Control
- Manage ACLs that contain Dynamic Access Control ACEs when Dynamic Access Control is disabled
- Configure central access policies to secure data on CIFS servers
- Display information about Dynamic Access Control security
- Revert considerations for Dynamic Access Control
- Where to find additional information about configuring and using Dynamic Access Control and central access policies
-
Secure SMB access using export policies
-
Secure file access by using Storage-Level Access Guard
-
-
Manage file access using SMB
-
Use local users and groups for authentication and authorization
-
How ONTAP uses local users and groups
- Local users and groups concepts
- Reasons for creating local users and local groups
- How local user authentication works
- How user access tokens are constructed
- Guidelines for using SnapMirror on SVMs that contain local groups
- What happens to local users and groups when deleting CIFS servers
- How you can use Microsoft Management Console with local users and groups
- Guidelines for reverting
-
What local privileges are
- Guidelines for using BUILTIN groups and the local administrator account
- Requirements for local user passwords
- Predefined BUILTIN groups and default privileges
-
Enable or disable local users and groups functionality
-
Manage local user accounts
-
Manage local groups
-
Manage local privileges
-
-
Configure bypass traverse checking
-
Display information about file security and audit policies
- Overview
- Display information about file security on NTFS security-style volumes
- Display information about file security on mixed security-style volumes
- Display information about file security on UNIX security-style volumes
- Display information about NTFS audit policies on FlexVol volumes using the CLI
- Display information about NFSv4 audit policies on FlexVol volumes using the CLI
- Ways to display information about file security and audit policies
-
Manage NTFS file security, NTFS audit policies, and Storage-Level Access Guard on SVMs using the CLI
- Overview
- Use cases for using the CLI to set file and folder security
- Limits when using the CLI to set file and folder security
- How security descriptors are used to apply file and folder security
- Guidelines for applying file-directory policies that use local users or groups on the SVM disaster recovery destination
-
Configure and apply file security on NTFS files and folders using the CLI
-
Configure and apply audit policies to NTFS files and folders using the CLI
- Considerations when managing security policy jobs
- Commands for managing NTFS security descriptors
- Commands for managing NTFS DACL access control entries
- Commands for managing NTFS SACL access control entries
- Commands for managing security policies
- Commands for managing security policy tasks
- Commands for managing security policy jobs
-
Configure the metadata cache for SMB shares
-
Manage file locks
-
Monitor SMB activity
-
-
Deploy SMB client-based services
-
Use offline files to allow caching of files for offline use
-
Use roaming profiles to store user profiles centrally on a SMB server associated with the SVM
-
Use folder redirection to store data on a SMB server
- Access the ~snapshot directory from Windows clients using SMB 2.x
-
Recover files and folders using Previous Versions
- Overview
- Requirements for using Microsoft Previous Versions
- Use the Previous Versions tab to view and manage Snapshot copy data
- Determine whether Snapshot copies are available for Previous Versions use
- Create a Snapshot configuration to enable Previous Versions access
- Guidelines for restoring directories that contain junctions
-
-
Deploy SMB server-based services
-
Manage home directories
- How ONTAP enables dynamic home directories
-
Home directory shares
- Add a home directory search path
- Create a home directory configuration using the %w and %d variables
- Configure home directories using the %u variable
- Additional home directory configurations
- Commands for managing search paths
- Display information about an SMB user’s home directory path
- Manage accessibility to users' home directories
-
Configure SMB client access to UNIX symbolic links
- How ONTAP enables you to provide SMB client access to UNIX symbolic links
- Limits when configuring UNIX symbolic links for SMB access
- Control automatic DFS advertisements in ONTAP with a CIFS server option
- Configure UNIX symbolic link support on SMB shares
- Create symbolic link mappings for SMB shares
- Commands for managing symbolic link mappings
-
Use BranchCache to cache SMB share content at a branch office
-
Requirements and guidelines
-
Configure BranchCache
-
Configure BranchCache-enabled SMB shares
-
Manage and monitor the BranchCache configuration
- Modify BranchCache configurations
- Display information about BranchCache configurations
- Change the BranchCache server key
- Pre-computing BranchCache hashes on specified paths
- Flush hashes from the SVM BranchCache hash store
- Display BranchCache statistics
- Support for BranchCache Group Policy Objects
- Display information about BranchCache Group Policy Objects
-
Disable BranchCache on SMB shares
-
Disable or enable BranchCache on the SVM
-
Delete the BranchCache configuration on SVMs
- What happens to BranchCache when reverting
-
Improve Microsoft remote copy performance
-
Improve client response time by providing SMB automatic node referrals with Auto Location
- Overview
- Requirements and guidelines for using automatic node referrals
- Support for SMB automatic node referrals
- Enable or disable SMB automatic node referrals
- Use statistics to monitor automatic node referral activity
- Monitor client-side SMB automatic node referral information using a Windows client
-
Provide folder security on shares with access-based enumeration
-
-
NFS and SMB file and directory naming dependencies
- Overview
- Characters a file or directory name can use
- Case-sensitivity of file and directory names in a multiprotocol environment
- How ONTAP creates file and directory names
- How ONTAP handles multi-byte file, directory, and qtree names
- Configure character mapping for SMB file name translation on volumes
- Commands for managing character mappings for SMB file name translation
-
Provide S3 client access to NAS data
-
SMB configuration for Microsoft Hyper-V and SQL Server
- Overview
- Configure ONTAP for Microsoft Hyper-V and SQL Server over SMB solutions
-
Nondisruptive operations for Hyper-V and SQL Server over SMB
- What are nondisruptive operations?
- Protocols that enable nondisruptive operations over SMB
- Key concepts about nondisruptive operations for Hyper-V and SQL Server over SMB
- How SMB 3.0 functionality supports nondisruptive operations over SMB shares
- What the Witness protocol does to enhance transparent failover
- How the Witness protocol works
-
Share-based backups with Remote VSS
- How ODX copy offload is used with Hyper-V and SQL Server over SMB shares
-
Configuration requirements and considerations
- ONTAP and licensing requirements
- Network and data LIF requirements
- SMB server and volume requirements for Hyper-V over SMB
- SMB server and volume requirements for SQL Server over SMB
- Continuously available share requirements and considerations for Hyper-V over SMB
- Continuously available share requirements and considerations for SQL Server over SMB
- Remote VSS considerations for Hyper-V over SMB configurations
- ODX copy offload requirements for SQL Server and Hyper-V over SMB
- Recommendations for SQL Server and Hyper-V over SMB configurations
-
Plan the Hyper-V or SQL Server over SMB configuration
-
Create ONTAP configurations for nondisruptive operations with Hyper-V and SQL Server over SMB
- Overview
- Verify that both Kerberos and NTLMv2 authentication are permitted (Hyper-V over SMB shares)
- Verify that domain accounts map to the default UNIX user
- Verify that the security style of the SVM root volume is set to NTFS
- Verify that required CIFS server options are configured
- Configure SMB Multichannel for performance and redundancy
- Create NTFS data volumes
- Create continuously available SMB shares
- Add the SeSecurityPrivilege privilege to the user account (for SQL Server of SMB shares)
- Configure the VSS shadow copy directory depth (for Hyper-V over SMB shares)
-
Manage Hyper-V and SQL Server over SMB configurations
-
Use statistics to monitor Hyper-V and SQL Server over SMB activity
-
Verify that the configuration is capable of nondisruptive operations
-
-
SAN storage management
-
SAN administration
-
SAN provisioning
-
NVMe provisioning
-
Manage LUNs
- Edit LUN QoS Policy
- Convert a LUN into a namespace
- Take a LUN offline
- Resize a LUN
- Move a LUN
- Delete a LUN
- What to know before copying LUNs
- Examine configured and used space of a LUN
- Control and monitor I/O performance to LUNs using Storage QoS
- Tools available to effectively monitor your LUNs
- Capabilities and restrictions of transitioned LUNs
- I/O misalignments on properly aligned LUNs
- Ways to address issues when LUNs go offline
- Troubleshoot iSCSI LUNs not visible on the host
-
Manage igroups and portsets
-
Manage iSCSI protocol
- Configure your network for best performance
- Configure an SVM for iSCSI
- Define a security policy method for an initiator
- Delete an iSCSI service for an SVM
- Get more details in iSCSI session error recoveries
- Register the SVM with an iSNS server
- Resolve iSCSI error messages on the storage system
- iSCSI LIF failover for ASA platforms
-
Manage FC protocol
-
Manage NVMe protocol
-
Manage systems with FC adapters
- Overview
- Commands for managing FC adapters
- Configure FC adapters
- View adapter settings
- Change the UTA2 port from CNA mode to FC mode
- Change the CNA/UTA2 target adapter optical modules
- Supported port configurations for X1143A-R6 adapters
- Configure X1143A-R6 adapter ports
- Prevent loss of connectivity when using the X1133A-R6 adapter
-
Manage LIFs for all SAN protocols
-
Recommended volume and file or LUN configuration combinations
- Overview
- Determine the correct volume and LUN configuration combination for your environment
- Calculate rate of data growth for LUNs
- Configuration settings for space-reserved files or LUNs with thick-provisioned volumes
- Configuration settings for non-space-reserved files or LUNs with thin-provisioned volumes
- Configuration settings for space-reserved files or LUNs with semi-thick volume provisioning
-
Data protection methods in SAN environments
- Overview
-
Effect of moving or copying a LUN on Snapshot copies
-
Use FlexClone LUNs to protect your data
- Overview
- Reasons for using FlexClone LUNs
- How a FlexVol volume can reclaim free space with autodelete setting
- Configure a FlexVol volume to automatically delete FlexClone files and FlexClone LUNs
- Clone LUNs from an active volume
- Create FlexClone LUNs from a Snapshot copy in a volume
- Prevent a specific FlexClone file or FlexClone LUN from being automatically deleted
-
Configure and use SnapVault backups in a SAN environment
- How you can connect a host backup system to the primary storage system
- Back up a LUN through a host backup system
-
SAN configurations in a MetroCluster environment
-
SAN concepts
-
About SAN host provisioning
- SAN provisioning with iSCSI
-
iSCSI service management
- SAN provisioning with FC
- SAN provisioning with NVMe
-
About SAN volumes
-
About host-side space management
- About igroups
- Example of how igroups give LUN access
- Specify initiator WWPNs and iSCSI node names for an igroup
-
Storage virtualization with VMware and Microsoft copy offload
-
-
-
SAN configuration reference
- Overview
-
Considerations for iSCSI configurations
- Considerations for FC-NVMe configurations
-
Considerations for FC configurations
-
Manage systems with FC adapters
- Overview
- Commands for managing FC adapters
- Configure FC adapters for initiator mode
- Configure FC adapters for target mode
- Display information about an FC target adapter
- Change the FC adapter speed
- Supported FC ports
- Prevent loss of connectivity when using the X1133A-R6 adapter
-
Manage X1143A-R6 adapters
-
Ways to Configure FCoE
-
Fibre Channel and FCoE zoning
- Requirements for shared SAN configurations
-
Host support for multipathing
-
Configuration limits
- Considerations for SAN configurations in a MetroCluster environment
-
-
S3 object storage management
-
S3 configuration
- Overview
-
S3 support in ONTAP 9
-
About the S3 configuration process
-
Configure S3 access to an SVM
-
Add storage capacity to an S3-enabled SVM
- Storage service definitions
-
Protect buckets with S3 SnapMirror
-
Audit S3 events
-
-
Security and data encryption
-
Manage security with System Manager
-
Manage administrator authentication and RBAC with the CLI
- Overview
- Workflow
- Configuration worksheets
-
Create login accounts
-
Manage access-control roles
-
Manage administrator accounts
- Overview
- Associate a public key with an administrator account
- Manage SSH public keys and X.509 certificates for an administrator account
-
Generate and install a CA-signed server certificate
-
Configure Active Directory domain controller access
-
Configure LDAP or NIS server access
- Change an administrator password
- Lock and unlock an administrator account
- Manage failed login attempts
- Enforce SHA-2 on administrator account passwords
-
Manage multi-admin verification
-
Ransomware protection
-
Antivirus configuration
- Overview
-
About NetApp antivirus protection
- Vscan server installation and configuration
-
Configure scanner pools
-
Configure on-access scanning
-
Configure on-demand scanning
- Enable virus scanning on an SVM
- Reset the status of scanned files
- View Vscan event log information
-
Troubleshoot connectivity issues
-
NAS auditing and security tracing
- Overview
-
Audit NAS events on SVMs
- Overview
-
How auditing works
- Auditing requirements and considerations
- Limitations for the size of audit records on staging files
- What the supported audit event log formats are
- View audit event logs
-
SMB events that can be audited
- NFS file and directory access events that can be audited
- Plan the auditing configuration
-
Create a file and directory auditing configuration on SVMs
-
Configure file and folder audit policies
-
Display information about audit policies applied to files and directories
-
CLI change events that can be audited
-
Manage auditing configurations
- Troubleshoot auditing and staging volume space issues
-
Use FPolicy for file monitoring and management on SVMs
-
How FPolicy works
- What the two parts of the FPolicy solution are
- What synchronous and asynchronous notifications are
- Roles that cluster components play with FPolicy implementation
-
How FPolicy works with external FPolicy servers
- Overview
- How control channels are used for FPolicy communication
- How privileged data access channels are used for synchronous communication
- How FPolicy connection credentials are used with privileged data access channels
- What granting super user credentials for privileged data access means
- How FPolicy manages policy processing
- What the node-to-external FPolicy server communication process is
- How FPolicy services work across SVM namespaces
- FPolicy configuration types
- How FPolicy passthrough-read enhances usability for hierarchical storage management
- Requirements, considerations, and best practices for configuring FPolicy
- What the steps for setting up an FPolicy configuration are
-
Plan the FPolicy configuration
-
Plan the FPolicy external engine configuration
- Additional information about configuring FPolicy external engines to use SSL authenticated connections
- Certificates do not replicate in SVM disaster recovery relationships with a non-ID-preserve configuration
- Restrictions for cluster-scoped FPolicy external engines with MetroCluster and SVM disaster recovery configurations
- Complete the FPolicy external engine configuration worksheet
-
Plan the FPolicy event configuration
- Overview
- Supported file operation and filter combinations that FPolicy can monitor for SMB
- Supported file operation and filter combinations that FPolicy can monitor for NFSv3
- Supported file operation and filter combinations that FPolicy can monitor for NFSv4
- Complete the FPolicy event configuration worksheet
-
Plan the FPolicy policy configuration
-
Plan the FPolicy scope configuration
-
-
Create the FPolicy configuration
-
Modify FPolicy configurations
-
Display information about FPolicy configurations
-
Manage FPolicy server connections
-
-
Use security tracing to verify or troubleshoot file and directory access
- Where to find additional information
-
Manage encryption with System Manager
-
Manage encryption with the CLI
- Overview
-
Configure NetApp Volume Encryption
- Overview
- NetApp Volume Encryption workflow
-
Configure NVE
-
Encrypt volume data with NVE
-
Configure NetApp hardware-based encryption
- Overview
- Hardware-based encryption workflow
-
Configure external key management
- Overview
- Collect network information in ONTAP 9.2 and earlier
- Install SSL certificates on the cluster
- Enable external key management in ONTAP 9.6 and later (HW-based)
- Enable external key management in ONTAP 9.5 and earlier
- Configure clustered external key server
- Create authentication keys in ONTAP 9.6 and later
- Create authentication keys in ONTAP 9.5 and earlier
- Assign a data authentication key to a FIPS drive or SED (external key management)
-
Configure onboard key management
- Assign a FIPS 140-2 authentication key to a FIPS drive
- Enable cluster-wide FIPS-compliant mode for KMIP server connections
-
Manage NetApp encryption
- Unencrypting volume data
- Move an encrypted volume
- Delegate authority to run the volume move command
- Change the encryption key for a volume with the volume encryption rekey start command
- Change the encryption key for a volume with the volume move start command
- Rotate authentication keys for NetApp Storage Encryption
- Delete an encrypted volume
-
Securely purge data on an encrypted volume
- Change the onboard key management passphrase
- Back up onboard key management information manually
- Restore onboard key management encryption keys
- Restore external key management encryption keys
- Replace SSL certificates
- Replace a FIPS drive or SED
-
Make data on a FIPS drive or SED inaccessible
- Return a FIPS drive or SED to service when authentication keys are lost
- Return a FIPS drive or SED to unprotected mode
- Remove an external key manager connection
- Modify external key management server properties
- Transition to external key management from onboard key management
- Transition to onboard key management from external key management
- What happens when key management servers are not reachable during the boot process
- Disable encryption by default with ONTAP 9.7 and later
-
-
Data protection and disaster recovery
-
Data protection with System Manager
- Data protection overview
- Create custom data protection policies
- Configure Snapshot copies
- Recalculate reclaimable space
- Enable or disable client access to Snapshot copy directory
- Recover from Snapshot copies
- Prepare for mirroring and vaulting
- Configure mirrors and vaults
- Resynchronize a protection relationship
- Restore a volume from an earlier Snapshot copy
- Recover from Snapshot copies
- Restore to a new volume
- Reverse resynchronize a protection relationship
- Serve data from a destination
- Configure storage VM disaster recovery
- Serve data from an SVM DR destination
- Reactivate a source storage VM
- Resynchronize a destination storage VM
- Back up data to the cloud using SnapMirror
- Back up data using Cloud Backup
-
Cluster and SVM peering with the CLI
-
Data protection with the CLI
- Overview
-
Manage local Snapshot copies
-
SnapMirror volume replication
- Asynchronous SnapMirror disaster recovery basics
- SnapMirror Synchronous disaster recovery basics
- About workloads supported by StrictSync and Sync policies
- Vault archiving using SnapMirror technology
- SnapMirror unified replication basics
- XDP replaces DP as the SnapMirror default
- When a destination volume grows automatically
- Fan-out and cascade data protection deployments
-
SnapMirror licensing
- DPO systems feature enhancements
-
Manage SnapMirror volume replication
- SnapMirror replication workflow
- Configure a replication relationship in one step
-
Configure a replication relationship one step at a time
- Convert an existing DP-type relationship to XDP
- Convert the type of a SnapMirror relationship
- Convert the mode of a SnapMirror Synchronous relationship
-
Serve data from a SnapMirror DR destination volume
-
Restore files from a SnapMirror destination volume
- Update a replication relationship manually
- Resynchronize a replication relationship
- Delete a volume replication relationship
- Manage storage efficiency
- Use SnapMirror global throttling
- About SnapMirror SVM replication
-
Manage SnapMirror SVM replication
-
Replicate SVM configurations
- SnapMirror SVM replication workflow
- Criteria for placing volumes on destination SVMs
- Replicate an entire SVM configuration
- Exclude LIFs and related network settings from SVM replication
- Exclude network, name service, and other settings from SVM replication
- Specify aggregates to use for SVM DR relationships
- SMB only: Create a SMB server
- Exclude volumes from SVM replication
-
Serve data from an SVM DR destination
-
Reactivate the source SVM
- Convert volume replication relationships to an SVM replication relationship
- Delete an SVM replication relationship
-
-
Manage SnapMirror root volume replication
-
SnapMirror technical details
-
Archive and compliance using SnapLock technology
-
Consistency groups management
-
SnapMirror Business Continuity
- Overview
- Key concepts
-
Planning
-
Manage SnapMirror for Business Continuity using System Manager
-
Installation and setup using the ONTAP CLI
-
Administration
- Create a common snapshot copy
- Perform a planned failover
- Automatic unplanned failover operations
- Basic monitoring
- Add and remove volumes in a consistency group
- Resume protection in a fan-out configuration
- Convert existing relationships to SM-BC relationships
- SM-BC upgrade and revert considerations
- Remove an SM-BC configuration
- Remove ONTAP Mediator
-
Troubleshooting
-