NetApp SnapLock
Available in version 8.1 and later |
---|
This page provides a guide to configuring a NetApp SnapLock storage as a Storage Target in Verba.
SnapLock is an alternative to the traditional optical "write once, read many" (WORM) data. SnapLock is used for the storage of read-only WORM data. SnapLock is a license-based, disk-based, open-protocol feature that works with application software to administer non-rewritable storage of data. The primary objective of this Data ONTAP feature is to provide storage-enforced WORM and retention functionality by using open file protocols such as CIFS. SnapLock can be deployed for protecting data in strict regulatory environments in such a way that even the storage administrator is considered an untrusted party. SnapLock provides special purpose volumes in which files can be stored and committed to a nonerasable, non-rewritable state either forever or for a designated retention period. SnapLock allows this retention to be performed at the granularity of individual files through standard open file protocols such as CIFS.
For a general description of Verba Storage targets, please refer to:Â Storage targets
Please refer to the official NetApp SnapLock guide to deploy and configure the NetApp system.
Verba uses the NetApp Manageability SDK.
Creating a NetApp SnapLock target
Follow the steps below to create a new Verba Storage target for NetApp SnapLock:
Step 1Â - Open the Verba Web interface then select Data Management > Storage targets from the top menu.
Step 2Â - Click on Add New Storage Target
Step 3Â - Fill out the configuration form according to the requirements in the following table.
Configuration item | Description |
---|---|
Name | Name your storage target. This name will identify this target across the system. |
Type | Select NetApp SnapLock |
Path | Specify the path where the storage is accessible in the Windows file system (UNC path) |
Volume Path | Specify the NetApp specific volume path |
Host Name or IP Address | Name or address of the NetApp storage |
Port | Access port of the NetApp storage |
API User | User name of the API user configured for Verba access in NetApp SnapLock |
API Password | Password of the API user configured for Verba access in NetApp SnapLock |
Step 4Â - Click Save to save the settings
After this point the Storage target is available for use by other Verba components (e.g. Data management policies).
Configuring SSL certificates for the API connection
NetApp SnapLock can be configured to accept SSL connections from trusted sources only. You can configure the trusted and signed certificates used by the Verba system on the servers directly. If you intend to use multiple NetApp SnapLock systems for Verba, you need to use the same certificates for all, because it is a server side setting in the Verba system. By default Verba uses its own self-signed certificates for the SSL connection.
Follow the steps below to configure the certificates.
Step 1Â - Copy the X.509 certificate and key files to the Verba server
Step 2 - Navigate to the Configuration / Servers
Step 3Â - Click on the Verba server you would like to configure
Step 4 - Click on the Change Configuration Settings tab
Step 5 - Open the Storage Management / Upload Targets / NetApp SnapLock tree on a Verba Recording Server or the Storage Management / Storage Targets / NetApp SnapLock tree on a Verba Media Repository server or on a Verba Media Repository and Recording ServerÂ
Step 6 -Â Configure a trusted custom X.509 certificate for the connection
Step 7 - Click the Save icon and follow the instructions on the page to apply the configuration on the server
Step 8 - Repeat the steps above on all Verba servers where you move files to NetApp SnapLock
NetApp SnapLock compliance clock
When Verba uploads / moves media files to a NetApp SnapLock storage target, setting the retention period with auto delete it takes the clock drift of SnapLock into account at the point of the file move. If the storage goes down at any time during the retention period (between the upload / move and the date of auto-deletion) Verba will not be able to retrieve that information, thus will try to delete the files in question earlier than SnapLock would allow it. As a result, auto-deletion by Verba policies might fail.
Using custom credentials for accessing the file share
Available in version 8.5 and later |
---|
It is possible to use credentials other than the service user for each NetApp SnapLock storage. If you want to use custom credentials check the "Use custom credentials for accessing the file share" checkbox, then provide the credentials.
Configuring connection protocol and vFiler instance name
Available in version 8.7 and later |
---|
By default, Verba uses HTTPS protocol for the NetApp connection. Netapp does not support HTTPS, only HTTP for direct vFiler connection.
There are two options:
- Use direct connection with the vFiler using HTTP
- Tunneling Snaplock requests via the filer which supports HTTPS for this
If HTTPÂ connection is required (option 1, the host/IP must be the vFiler), then the Host Name or IP Address field must be populated in the following format:Â http://hostname_or_ipaddress.
If the vFiler tunneling feature is used (option 2, the host/IP must be the filer), then the instance name has to be specified after the Host Name or IP Address filed after a comma (,) or semicolon (;). Example: hostname;instancename , http://ipaddress,instancename
Configuring connection protocol for Cluster-Mode
Available in version 9.2 and later |
---|
For cluster mode further parameters are needed which can be advertised in the Host Name or IP Address field:
- cluster fqdn or IP
- cluster_mode=1
- vserver=vserver hosting the share
- node=node hosting the vserver
The parameters should be concatenated either with ; or ,
The parameters can be determined from Netapp console with the following commands:
- vserver show
- node show
Example:
IP of the filer is 10.2.1.13
verbalabs::> vserver show
Admin Operational Root
Vserver Type Subtype State State Volume Aggregate
test data default running running test_root test_root
verbalabs admin - - - - -
verbalabs-01
node - - - - -
verbalabs::> node show
Node Health Eligibility Uptime Model Owner Location
verbalabs-01
true true 1 days 15:54 SIMBOX
Then hostname fields value is:
10.2.1.13;cluster_mode=1;vserver=test;node=verbalabs-01
Â