NetApp Architecture and File Access Manager

7-mode ONTAPI NetApp

  • A 7-mode ONTAPI NetApp can work in one of two architectures, a single physical file server or multiple virtual filers hosted on the same physical machine (by using the Multistore feature).
  • The virtual architecture enables hosting multiple virtual file servers on a single physical machine, with all the benefits of a virtualized environment.
  • In a physical architecture, there will be a single CIFS server configured on the NetApp. The physical filer will be represented by 2 Applications in File Access Manager, one for CIFS, and another for NFS, each with its own set of Activity Monitor / Permissions Collector / Data Classification services.
  • For both CIFS and NFS, the File Access Manager connector communicates directly with the CIFS server or the filer IP configured on the physical filer, both to register with FPolicy and to call the Web ONTAPI API.
  • In a virtual architecture, each virtual file server is called Vfiler, and there is a CIFS server configured on every Vfiler. The name of the CIFS server does not have to match the name of the Vfiler.
  • On a Vfiler architecture, Vfiler0 is the default Vfiler. It represents the physical filer.
  • Each Vfiler is represented in File Access Manager by two Applications, one for CIFS, and another for NFS, each with its own set of Activity Monitor / Permissions Collector / Data Classification services.
  • In a virtual architecture, the FPolicy communication, as well as permissions collection and data classification, goes directly to the CIFS server configured on the Vfiler or to the IP address configured for NFS. The ONTAPI API calls go to the management IP (the Vfiler0 IP), with the Vfiler name as the destination. This mechanism is called Vfiler tunneling.
  • The FPolicy communication between the Activity Monitor service and the NetApp is based on the RPC protocol, and the Activity Monitor must be installed on a server in the same Active Directory domain as the filer/Vfiler CIFS server.
  • File Access Manager can be configured to run multiple Activity Monitor services for a single NetApp application. Each Activity Monitor service implements an FPolicy server. For highly loaded environments it is possible to install multiple Activity Monitors, on different servers, which act together as a single logical Activity Monitor in File Access Manager. This architecture is intended to increase the number of concurrent events that the NetApp machine can handle by distributing the events between multiple FPolicy servers.

    This architecture is not recommended unless instructed by File Access Manager professional services.

NetApp Cluster Mode (cDot) on version 8.2

  • On an 8.2 and above cluster mode NetApp, the architecture is the same as in a 7-mode virtual environment hosting multiple Vfilers.
  • Each virtual server on a clustered NetApp is called Vserver, and there will be a single CIFS server configured on each Vserver.
  • Each Vserver is represented in File Access Manager by two Applications, one for CIFS, and another for NFS, each with its own set of Activity Monitor / Permissions Collector / Data Classification services.
  • In a virtual architecture, the FPolicy communication, permission collection, and data classification all go directly to the CIFS server configured on the Vserver or to the IP address configured for NFS.
    The ONTAPI API call options are:

    • Using the cluster management IP, with the Vserver name as the destination (a mechanism called Vserver tunneling).
    • Using the Vserver management IP directly.
  • The FPolicy communication between the Activity Monitor service and the NetApp is based on XML over TCP, where the Activity Monitor acts as the server and each of the cluster nodes acts as a client. A dedicated unique port must be configured for each Application if multiple Activity Monitor services are on the same server.
  • File Access Manager can be configured to run multiple Activity Monitor services for a single NetApp application. Each Activity Monitor service implements an FPolicy server. For highly loaded environments it is possible to install multiple Activity Monitors, on different servers, which will act together as a single logical Activity Monitor in File Access Manager. This architecture is intended to increase the number of concurrent events that the NetApp machine can handle by distributing the events between multiple FPolicy servers.

    This architecture is not recommended unless instructed by File Access Manager professional services.
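
The communication paths described in the 7-mode and cluster-mode sections above can be turned into a flow list for firewall review, together with a check for the per-Application port rule. This is an added example, not File Access Manager code; the inventory format, the "FAM" source label, and every host name, IP and port are constructed placeholders.

```python
from collections import defaultdict

# Constructed inventory; every host, IP and port below is a placeholder.
APPS = [
    {"name": "vf1-cifs", "mode": "7mode", "monitor": "am01", "data": "vf1-cifs.corp.example",
     "mgmt": "10.0.0.10", "tunnel_to": "vfiler1"},
    {"name": "vs1-cifs", "mode": "cdot", "monitor": "am02", "port": 2001,
     "nodes": ["node-a", "node-b"], "data": "vs1-cifs.corp.example",
     "mgmt": "10.0.1.10", "tunnel_to": "vs1"},
    {"name": "vs2-nfs", "mode": "cdot", "monitor": "am02", "port": 2001,
     "nodes": ["node-a", "node-b"], "data": "10.0.2.20", "mgmt": "10.0.2.21"},
]

def expected_flows(app):
    """List (source, destination, purpose) for one Application."""
    flows = []
    if app["mode"] == "7mode":
        # RPC-based FPolicy; the page does not state which side initiates.
        flows.append((app["monitor"], app["data"], "FPolicy (RPC)"))
    else:
        # cDOT: every cluster node is a client of the Activity Monitor's port.
        for node in app["nodes"]:
            flows.append((node, f"{app['monitor']}:{app['port']}", "FPolicy (XML over TCP)"))
    # ONTAPI goes to a management IP; with tunneling the Vfiler/Vserver
    # name is carried as the destination.
    purpose = "ONTAPI"
    if "tunnel_to" in app:
        purpose += f" (tunneled to {app['tunnel_to']})"
    flows.append(("FAM", app["mgmt"], purpose))
    flows.append(("FAM", app["data"], "permissions collection / data classification"))
    return flows

def port_collisions(apps):
    """cDOT Applications that share one Activity Monitor host and port."""
    seen = defaultdict(set)
    for app in apps:
        if app["mode"] == "cdot":
            seen[(app["monitor"], app["port"])].add(app["name"])
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for app in APPS:
        for flow in expected_flows(app):
            print(app["name"], *flow, sep=" | ")
    print("port collisions:", port_collisions(APPS))
```

In the constructed inventory, vs1-cifs and vs2-nfs share port 2001 on am02, which the collision check reports; a third entry without `tunnel_to` models the direct Vserver management IP option.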