Hardening guidelines for software upgrades
You must keep your StorageGRID system and related services up to date to defend against attacks.
Upgrades to StorageGRID software
Whenever possible, you should upgrade StorageGRID software to the most recent major release or to the previous major release. Keeping StorageGRID up to date helps reduce the amount of time that known vulnerabilities are active and reduces the overall attack surface area. In addition, the most recent releases of StorageGRID often contain security hardening features that aren't included in earlier releases.
Consult the NetApp Interoperability Matrix Tool (IMT) to determine which version of StorageGRID software you should be using. When a hotfix is required, NetApp prioritizes creating updates for the most recent releases. Some patches might not be compatible with earlier releases.
-
To download the most recent StorageGRID releases and hotfixes, go to NetApp Downloads: StorageGRID.
-
To upgrade StorageGRID software, see the upgrade instructions.
-
To apply a hotfix, see the StorageGRID hotfix procedure.
Upgrades to external services
External services can have vulnerabilities that affect StorageGRID indirectly. You should ensure that the services that StorageGRID depends on are kept up to date. These services include LDAP, KMS (or KMIP server), DNS, and NTP.
Use the NetApp Interoperability Matrix Tool to get a list of supported versions.
Upgrades to hypervisors
If your StorageGRID nodes are running on VMware or another hypervisor, you must ensure that the hypervisor software and firmware are up to date.
Use the NetApp Interoperability Matrix Tool to get a list of supported versions.
Upgrades to Linux nodes
If your StorageGRID nodes are using Linux host platforms, you must ensure that security updates and kernel updates are applied to the host OS. Additionally, you must apply firmware updates to vulnerable hardware when these updates become available.
Use the NetApp Interoperability Matrix Tool to get a list of supported versions.