Cleondris SnapGuard with NetApp FPolicy
Cleondris Overview
Who is Cleondris?
Cleondris is a privately held Swiss software company that develops solutions for enterprise storage environments. More specifically, its products enhance the capabilities of NetApp ONTAP, NetApp's purpose-built storage OS. There are two offerings: Cleondris SnapGuard and Cleondris Data Manager.
Cleondris Data Manager (CDM)
Cleondris Data Manager provides enhanced data protection for ONTAP, whether on-premises or cloud-based. Additionally, CDM integrates with VMware for orchestrating array-based data protection. This article focuses on SnapGuard.
Cleondris SnapGuard
Cleondris SnapGuard aids customers in safeguarding their NAS data that resides on NetApp AFF, C-Series and FAS systems.
SnapGuard supports the following features:
- Snapshot scanning - Snapshot scanning enables regular checks on volume indexes for any patterns present in a pattern pool (see Pattern Pool below). This feature can prove beneficial in air-gapped backups or to determine new patterns in existing data.
- SnapGuard Firewall - The firewall monitors access to the NetApp Storage Virtual Machine (SVM) volumes and can stop malicious attacks by CIFS and NFS clients.
- Pattern Pool - A Pattern Pool manages lists of patterns and specifies which patterns should be allowed and which should be blocked. Every pattern in the pool goes through different stages, starting from newly added to either being blocked, allowed or ignored based on predefined criteria.
- Windows Event Viewer (EVTX) - ONTAP includes an auditing mechanism that stores audit information in the EVTX format, which can be viewed using the Windows Event Viewer. Cleondris enhances this capability with additional filtering and viewing options. SnapGuard also has its own CVTX viewer that includes blockchain technology for auditing.
- SnapGuard has a distinctive FPolicy-based firewall integrated into ONTAP and can thwart attacks from malicious clients.
- SnapGuard install/setup is easy and typically done in less than an hour.
SnapGuard can take the following actions if an offending file action occurs:
- Terminate the client's access
- Trigger an emergency snapshot for the affected volume
- Send notification of the event via email, SNMP or Syslog
There is no need to install agents or make modifications to ONTAP. SnapGuard connects seamlessly to ONTAP to monitor access.
NetApp FPolicy
For those unfamiliar with NetApp FPolicy, it is a framework for notifying storage administrators of file access. FPolicy is a NAS-only capability for monitoring file access for SMB, NFSv3 and NFSv4. It's important to emphasize that NetApp FPolicy is only a communication mechanism for connection to an FPolicy server provider, such as Cleondris.
FPolicy has built-in support for basic file blocking, allowing administrators to prevent users from storing specific file types. For instance, FPolicy can be used to prohibit the storage of audio and video files from consuming valuable storage resources. The file-blocking capability of FPolicy is based solely on file extensions. This is called Native Mode.
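As an added illustration (not taken from the original article, Cleondris or NetApp), the ONTAP CLI sequence below sets up a Native Mode policy that blocks audio and video files by extension over SMB. The SVM name svm1, the volume vol_users, the event and policy names, and the extension list are assumed placeholders.

```text
# Assumed names: svm1, vol_users, blk_media_evt, blk_media (placeholders).

# 1. Event: which protocol and file operations the policy evaluates.
#    "rename" is included so a file cannot be created under an allowed
#    extension and then renamed to a blocked one.
vserver fpolicy policy event create -vserver svm1 -event-name blk_media_evt -protocol cifs -file-operations create,rename

# 2. Policy: bind the event to the built-in native engine
#    (no external FPolicy server is involved in Native Mode).
vserver fpolicy policy create -vserver svm1 -policy-name blk_media -events blk_media_evt -engine native

# 3. Scope: the volumes covered and the extensions to act on.
vserver fpolicy policy scope create -vserver svm1 -policy-name blk_media -volumes-to-include vol_users -file-extensions-to-include mp3,mp4

# 4. Enable the policy; the sequence number sets its evaluation order
#    relative to other policies on the same SVM.
vserver fpolicy enable -vserver svm1 -policy-name blk_media -sequence-number 1

# 5. Confirm the policy is listed and enabled.
vserver fpolicy show -vserver svm1
```

Because the decision rests only on the file extension, a file saved under an extension outside the list is not blocked, so this control is suited to storage hygiene rather than to stopping a determined client.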
In External Mode, NetApp FPolicy server software partners can enhance the capabilities of FPolicy with additional features such as:
- File screening
- File access reporting
- User and directory quotas
- Hierarchical storage management and archiving solutions
- File replication
- Data governance
FPolicy can function asynchronously or synchronously. In asynchronous mode, ONTAP merely informs the FPolicy server of the file access request. In synchronous mode, ONTAP informs the FPolicy server of the file access request but waits for a response from the FPolicy server before allowing access to the file.
Figure 1 below shows FPolicy in External Mode and the integration with the Cleondris FPolicy servers via the FPolicy API.
Summary
Early ransomware detection is crucial to prevent its proliferation and minimize costly downtime. However, an effective ransomware detection strategy requires more than a single protection layer.
Cleondris SnapGuard with NetApp FPolicy can be essential to your overall data protection and security framework for unstructured data, whether on-premises or in the cloud.
How WWT can help
For more information on primary storage, data protection, cyber resilience or any of the topics mentioned within the article, connect with one of our storage industry experts today.
We also recommend exploring our Advanced Technology Center (ATC) to gain hands-on experience with the latest technologies and cut your proof-of-concept time from months to weeks. WWT's deep-rooted relationships with major OEMs and our rigorous evaluation of recent technology providers can help streamline decision-making, testing and troubleshooting.
Cleondris®, CDM® (Cleondris Data Manager), and SnapGuard® are registered trademarks of Cleondris Gmb
NetApp®, ONTAP®, and FPolicy® are registered trademarks of NetApp, Inc.