NetApp server configuration

DataSecurity Plus helps you monitor file and folder events in NetApp CIFS servers in real time and provides detailed insights on user operations.

Minimum privileges required for NetApp server auditing

To audit files in NetApp servers, DataSecurity Plus requires privileges for the service account running DataSecurity Plus, as well as management credentials to create the FPolicy that file auditing depends on.

User accounts required for configuring NetApp CIFS servers

DataSecurity Plus runs under a service account, which it uses to access shares and AD information if needed. This account requires either domain admin credentials or these minimum privileges.

In addition to the domain user account configured in DataSecurity Plus, a dedicated NetApp user needs to be created for DataSecurity Plus. This is required to manage the FPolicy stored in NetApp. Separate user privileges are required and can be created using the steps mentioned below.

Privileges required for DataSecurity Plus NetApp user

Create a dedicated DataSecurity Plus NetApp user and provision them with the following commands and permissions. Different versions of NetApp OS require varying commands and permissions.

| Command | Type | Permission required | NetApp ONTAP version |
|---|---|---|---|
| security login rest-role create -role dsp_role -api /api/protocols/fpolicy | REST API | Full access | 9.6 and above |
| security login rest-role create -role dsp_role -api /api/protocols/cifs | REST API | Read only | 9.6 and above |
| security login rest-role create -role dsp_role -api /api/svm/svms | REST API | Read only | 9.6 and above |
| security login rest-role create -role dsp_role -api /api/cluster | REST API | Read only | 9.6 and above |
| security login role create -role dsp_role -cmddirname "vserver fpolicy" | Command | Full access | Below 9.10 |
| security login role create -role dsp_role -cmddirname "volume" | Command | Read only | Below 9.6 |
| security login role create -role dsp_role -cmddirname "vserver cifs" | Command | Read only | Below 9.6 |
| security login role create -role dsp_role -cmddirname "system node" | Command | Read only | Below 9.6 |

Note: Users can be created for a cluster or a particular Vserver using the above commands. To create a role for a particular Vserver, add -vserver <vserver_name> in the above commands.
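
A least-privilege check for the role described above, as an added example (not ManageEngine's or NetApp's code): it compares a role's REST privileges with the ONTAP 9.6 and above rows of the table and reports missing, excess, and out-of-baseline grants. The input shape (a list of path/access pairs), the sample role, and the treatment of a parent path as overbroad are assumptions of this sketch.

```python
# Added example: audit a role's REST privileges against the page's 9.6+ baseline.
# "all"/"readonly"/"none" are ONTAP -access values; the input shape is assumed.
RANK = {"none": 0, "readonly": 1, "all": 2}

# Baseline from the table above: "Full access" -> all, "Read only" -> readonly.
BASELINE = {
    "/api/protocols/fpolicy": "all",
    "/api/protocols/cifs": "readonly",
    "/api/svm/svms": "readonly",
    "/api/cluster": "readonly",
}

# Constructed sample role that has drifted from the baseline.
SAMPLE_ROLE = [
    {"path": "/api/protocols/fpolicy", "access": "all"},
    {"path": "/api/protocols/cifs", "access": "all"},      # more than Read only
    {"path": "/api/svm/svms", "access": "readonly"},
    {"path": "/api/protocols", "access": "readonly"},      # parent of baseline paths
    {"path": "/api/security/accounts", "access": "all"},   # not in the table
]

def audit_role(privileges):
    """Return sorted (kind, path, detail) findings for one role."""
    findings, granted = [], {}
    for p in privileges:
        path, access = p["path"].rstrip("/"), p["access"].lower()
        if access not in RANK:
            findings.append(("UNKNOWN", path, f"unrecognised access {access!r}"))
            continue
        # Keep the strongest grant if a path is listed more than once.
        granted[path] = max(granted.get(path, "none"), access, key=RANK.get)
    for path, need in BASELINE.items():
        have = granted.get(path, "none")
        if RANK[have] < RANK[need]:
            findings.append(("MISSING", path, f"has {have}, needs {need}"))
        elif RANK[have] > RANK[need]:
            findings.append(("EXCESS", path, f"has {have}, needs only {need}"))
    for path, have in granted.items():
        if path in BASELINE or have == "none":
            continue
        # Assumption: a grant on a parent path is broader than the baseline needs.
        broad = any(b.startswith(path + "/") for b in BASELINE)
        kind = "OVERBROAD" if broad else "UNEXPECTED"
        findings.append((kind, path, f"{have} on a path outside the baseline"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, path, detail in audit_role(SAMPLE_ROLE):
        print(f"{kind:<10} {path:<26} {detail}")
```
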

User login methods to be used when creating roles

The user created with the above roles can either be a domain user or local user, but the account should have access to the target NetApp server via ONTAPI or HTTP methods depending on the NetApp OS version.

| ONTAP versions earlier than 9.6 | ONTAP versions later than 9.10 | ONTAP versions 9.6-9.10 |
|---|---|---|
| ONTAPI | HTTP method | Both ONTAPI and HTTP methods |

Configuring a NetApp server

To configure a NetApp server, follow the steps listed below:

  • Log in to the DataSecurity Plus web console.
  • Configure the domain in which the file server you want to configure is located.
  • Select File Audit from the application drop-down.
  • Go to Configuration > Data Source > NetApp Server.
  • Click + Add Server.
  • Select the preferred domain from the Domain Name drop-down. Select the target NetApp Server Name and click Next. You can also enter a new server using the Enter Server Name textbox.
  • Select the Shares you want to audit and click Next. Ensure that the user configured in DataSecurity Plus has minimum privileges.
  • Under Management Details, choose Vserver or Cluster and enter the Management IP.
    Note: NetApp management details are required to manage FPolicy.

  • Enter the User Name and Password of a NetApp user account as per the privileges mentioned in the minimum privileges for NetApp auditing section.
  • Specify the Port number through which communication should happen and click Next.
  • Under the Collector Server tab, choose the Domain Name and Collector Server Name, specify the Collector Port, and click Next.
    Note: For NetApp server auditing with DataSecurity Plus, configuring a collector server is required. The collector server acts as an intermediary server that collects file access events from the NetApp server and forwards them to the DataSecurity Plus server. You may configure Windows file servers as collector servers. However, Windows client operating systems cannot be configured as collector servers. No separate license is required for configuring collector servers.

  • The Review Summary tab will give you an overview of the configured NetApp server, Shares, Management Details, and the Collector Server. After verifying the details, click Configure.

Updating NetApp server configurations

To update a configured NetApp server, follow the steps below as per your server requirements:

  • In the File Audit application drop-down, go to Configuration > Data Source > NetApp Server.
  • Select the NetApp server you want to update. Here, you can:
    • Add shares by clicking the Add Share link and selecting the share you want to add.
    • Update the list of shares available for configuration in the server by clicking the refresh icon at the top-right corner of the table.
    • Delete shares by clicking the Edit link and selecting the shares you want to delete.
  • To modify a collector server, delete the server under collector details and add one by clicking +Add Collector.

Note: You can also view reports by clicking the View Reports link.

Editing management IP details

To update the management IP details of a configured NetApp server, follow the steps below:

  • Log in to your DataSecurity Plus web console.
  • Go to File Audit > Configuration > Data Source > NetApp server under Data Source. You'll see the configured NetApp servers.
  • Click View/Edit Details in the NetApp server whose management IP details you want to edit.
  • Provide the IP address of your Cluster or Vserver depending on your environment in the Management IP tab.
  • Enter the Username and Password.
  • Select the Port type through which communication should happen and provide the port number.
  • Click Save.

Deleting NetApp server configurations

To delete a configured NetApp server:

  • Log in to your DataSecurity Plus web console.
  • Go to File Audit > Configuration > Data Source > NetApp server under Data Source. You'll see the configured NetApp server(s).
  • Choose the target NetApp server from the configured NetApp panel.
  • Click the Delete icon at the top-right corner of the active tab.
  • Select OK to delete the NetApp server from DataSecurity Plus.

Note: Once deleted, servers will no longer be audited. However, previously audited data will be retained.

Troubleshooting NetApp configuration

The table below lists the steps to resolve common errors that can arise while setting up NetApp auditing.

| Error message displayed during setup | Steps for resolution |
|---|---|
| Error in getting shares. The network path was not found - Error code: 35 | This error occurs when a share is inaccessible. Resolve DNS issues by adding host entries in the server running DataSecurity Plus if required. Ensure that the ports via which SMB shares are accessed are available. |
| Access Denied Error Code: 5 | The service account running DataSecurity Plus requires the following permissions: domain admin privileges or minimum privileges stipulated to access; access to NetApp shares. |
| Awaiting NetApp server response | The communication status between the DataSecurity Plus server and NetApp server is currently processing. Check again after some time to know the status. |
| Failed to authenticate the server. Enter the correct username and password and try again. | The credential provided in the Management IP details is incorrect. Go to File Audit > Configuration > Data Source > NetApp server under Data Source. You'll see the configured NetApp servers. Click View/Edit Details in the NetApp server to edit user and password credentials. |
| Failed to connect. Please check the Management IP, port, and protocol. - No connection | Ensure that the Management IP details are updated and correct. Go to File Audit > Configuration > Data Source > NetApp server under Data Source. You'll see the configured NetApp servers. Click View/Edit Details in the NetApp server to edit user and password credentials. |
| Failed to authenticate the NetApp server. Enter the correct username and password and try again. | Ensure that the Management IP details are updated and correct. Go to File Audit > Configuration > Data Source > NetApp server under Data Source. You'll see the configured NetApp servers. Click View/Edit Details in the NetApp server to edit user and password credentials. |
