Friday, January 19, 2018

ONTAP 9.3 SVM Root Volume Protection




SVM root volume protection:

To protect the storage virtual machine SVM) namespace root volume, you can create a load-sharing mirror volume on every node in the cluster, including the node in which the root volume is located. Then you create a mirror relationship to each load-sharing mirror volume and initialize the set of load-sharing mirror volumes.

Creating load-sharing mirror volumes :

For protecting the root volume of a storage virtual machine (SVM), you must create a FlexVol volume on every node of the cluster and designate it as a load-sharing mirror destination.

A group of load-sharing mirror destination volumes that replicate from the same source volume is referred to as a load-sharing mirror set.




Creating load-sharing mirror relationships :

You must create a load-sharing mirror relationship between the root volume of the storage virtual machine (SVM) and each of the load-sharing mirrors created for the SVM root volume protection.


List the SVM source root volume and protection volumes.


Now create a Load sharing (LS) snapmirror relationship to other destination volumes.



Now initialize  the relationship using the following command.





List the status of the root volume in System Manager.




These are the two destination LS shared volumes.



Now volumes are in the LS type.



SVM root volume restore (Recovery) :

If the storage virtual machine (SVM) root volume becomes unavailable and you have protected it with a set of load-sharing mirrors, you can promote one of the mirrored volumes and then rename it to take the place of the original SVM source volume.

Restoring the SVM root volume by promoting a load-sharing mirror :

If the storage virtual machine (SVM) root volume becomes unavailable, read access is provided through the load-sharing mirror volumes. To enable write access to the SVM root volume, you must promote one of the load-sharing mirror volumes and rename it with the original SVM root volume name.

Now use the snapmirror promote command to restore the root volume.













Posted by at No comments:

ONTAP 9.3 Fan-out and cascade data protection deployments



Fan-out and cascade data protection deployments:

You can use a fan-out deployment to extend data protection to multiple secondary systems. You can use a cascade deployment to extend data protection to tertiary systems. Both deployments support any combination of SnapMirror DR, SnapVault, or unified replication.

How fan-out deployments work
mirror-vault fan-out deployment consists of a source volume that has a mirror relationship to a secondary volume and a SnapVault relationship to a different secondary volume.

Data protection deployment: mirror-vault fanout
multiple-mirrors fan-out deployment consists of a source volume that has a mirror relationship to multiple secondary volumes.

Data protection deployment: multiple-mirrors mirrors fanout

How cascade deployments work :

mirror-mirror cascade deployment consists of a chain of relationships in which a source volume is mirrored to a secondary volume, and the secondary volume is mirrored to a tertiary volume. If the secondary volume becomes unavailable, you can synchronize the relationship between the primary and tertiary volumes without performing a new baseline transfer.

SnapMirror deployment: Source to mirror-mirror cascade chain

mirror-vault cascade deployment consists of a chain of relationships in which a source volume is mirrored to a secondary volume, and the secondary volume is vaulted to a tertiary volume.

SnapMirror deployment: Source to mirror-vault cascade chain
Vault-vault and vault-mirror cascade deployments are also supported:
  • vault-vault cascade deployment consists of a chain of relationships in which a source volume is vaulted to a secondary volume, and the secondary volume is vaulted to a tertiary volume.
  • vault-mirror cascade deployment consists of a chain of relationships in which a source volume is vaulted to a secondary volume, and the secondary volume is mirrored to a tertiary volume.

Steps to configure the Cascading Protection Deployment:

List the Vserver information. 

This example I am using the single cluster and 3 vservers 

=> vsnew  --- Source Vserver
=> vsdest  ---- Destination Vserver
=> vstertiary  --- Tertiary Vserver



Create a Cluster and SVM level peer relationship (Source -- Destination --- Tertiary)



Create a RW source volume in vsnew vserver and create a DP volume to destination and Tertiary vservers.





Create some files in source volume.



Now create a snapmirror relationship to destination vserver (vsnew ---- vsdest)




Now initialize the replication process using the following command.



Check the destination volume, which contains source volume files.




Now create a snapmirror relationship from Destination to Tertiary (vsdest  ----- vstertiary)



Initialize it now.



Now Cascade mirror - Mirror relationship got created and initialized.




Check the protection relationship from System Manager.



Now you append some text to an existing files in source volume.

This update will replicate as per your schedule.




After your schedule time, you will be able to see the files.




You can use the wildcard characters also to query the snapmirror details.



You can use the cluster wide options to set the throttle also.




Posted by at 1 comment:

Thursday, January 18, 2018

ONTAP 9.3 Data Protection



ONTAP 9.3 Snap Mirror:

Starting with ONTAP 9.3, SnapMirror extended data protection (XDP) mode replaces SnapMirror data protection (DP) mode as the SnapMirror default.

If you specify...
The type is...
The default policy (if you do not specify a policy) is...
DPXDPMirrorAllSnapshots (SnapMirror DR)
NothingXDPMirrorAllSnapshots (SnapMirror DR)
XDPXDPXDPDefault (SnapVault)


First Check the snapmirror license.


Check the Cluster and Peer Relationship between the clusters and SVMs.


Configuring a replication relationship in one step

Starting in ONTAP 9.3, you can use the snapmirror protect command to configure a data protection relationship in a single step. You specify a list of volumes to be replicated, an SVM on the destination cluster, a job schedule, and a SnapMirror policy. snapmirror protect does the rest.




This single command automatically creates destination volumes with the prefix and suffix, then create a snapmirror relationship and initialize it automatically.

In a single command you can use multiple volumes replication also.


Now default type is XDP for snapmirror.





Check the protection relationships from System Manager GUI.




From the volume tab in  details.




You can create a protect relationship using System Manager also.




Select the source cluster and SVM and Destination cluster and SVM.




Now it creates relationship and Initialize also.



Posted by at 1 comment:

Friday, January 12, 2018

ONTAP 9.3 Volume Encryption



Configuring NetApp Volume Encryption

NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. An encryption key accessible only to the storage system ensures that volume data cannot be read if the underlying device is re purposed, returned, misplaced, or stolen.


Both data, including Snapshot copies, and metadata are encrypted. Access to the data is given by a unique XTS-AES-256 key, one per volume. An external key management server or Onboard Key Manager serves keys to nodes:
  • The external key management server is a third-party system in your storage environment that serves keys to nodes using the Key Management Interoperability Protocol (KMIP).
  • The Onboard Key Manager is a built-in tool that serves keys to nodes from the same storage system as your data.

Configuring NVE

You must install the NVE license and configure key management services before you can encrypt data with NVE. Before installing the license, you should determine whether your ONTAP version supports NVE.

Determine whether your cluster version supports NVE:version -v
NVE is not supported if the command output displays the text "no-DARE" (for "no Data At Rest Encryption").

Check the VE license using license show command.




Then run the security key-manager setup command to setup the onboard or external key manager.

Select on board or external.

Type the passphrase.




List the key-manager backup using the following command.

> security key-manager backup show


To list the nodes key information.



Create a new volume with option -encrypt true. This will create a new volume with encryption.



To list the encrypted volumes, use the following command.



Posted by at No comments:

ONTAP 9.3 Advanced Cluster Setup



Cluster Peering and SVM peering:



In System Manager, select the advanced cluster feature, click the cluster peering.




This setup will do the following steps:

1. Check the intercluster role LIF
2. Cluster Peer
3. SVM Peer.

First it will check the Intercluster role LIF and fetch the details also.




Then provide the destination cluster ipaddress of Intercluster role LIF and pass phrase.




Provide the pass phrase and initiate the cluster peering.




Now the cluster peer created successfully.




Now this will take you to peer the SVM.

Provide the SVM information on both source and Destination cluster.

Initiate the SVM peer relationship.







SVM peer created successfully.




List the cluster and SVM peer information summary.






List the peer information in CLI using the following command.




Posted by at No comments:
Subscribe to: Posts (Atom)