NetApp Knowledge Base

SWS and FPolicy: Frequently Asked Questions

Category: data-infrastructure-insights
Specialty: oci

Applies to

  • Storage Workload Security (SWS)
  • Data Collector (DC)
  • SAN (Storage Area Network) Protocol
  • NAS (Network Attached Storage) Protocol
  • iSCSI (Internet Small Computer System Interface) Protocol
  • FCP (Fibre Channel Protocol)
  • SVM (Storage Virtual Machine), a.k.a. vServer
  • SMB (Server Message Block) Protocol
  • CIFS (Common Internet File System) Protocol
  • Fpol (FPolicy)

Answer

Question Answer
Can the SWS DC support SAN protocols (iSCSI & FCP)? No
Can the SWS DC support NAS protocols (NFS & SMB/CIFS)? Yes
How many SWS DCs need to be created to monitor/audit 3 SVMs on a cluster? 3
What types of SWS DC are there? ONTAP DC & User Directory Collector
If the User Directory Collector is failing, does it impact the ONTAP DC? No
How many Fpol are created per protocol in ONTAP per SVM?

2 - Fpol per protocol per SVM

::*> vserver fpol show -vserver <vserver_name>

SWS Fpol naming convention seen in ONTAP?

cloudsecure_<vserver><priority_number>_policy

::*> vserver fpol show-enabled -vserver <vserver_name>

How to check the Fpol status (on/off) on a vServer? ::*> vserver fpol show -vserver <vserver_name>
Is it normal in a 2-node cluster to see a "disconnected" server status on node 1b?

Yes

::*> vserver fpol show-engine -vserver svm1
                                                    FPolicy           Server         Server
Vserver Policy Name                     Node         Server            Status         Type
------- -------------               ------------ ----------------- -------------- -----------
svm1    cloudsecure_svm11_policy  cluster-1a        10.2.2.35       connected      primary
svm1    cloudsecure_svm13_policy  cluster-1a        10.2.2.35       connected      primary
svm1    cloudsecure_svm12_policy  cluster-1a        10.2.2.35       connected      primary
svm1    cloudsecure_svm14_policy  cluster-1a        10.2.2.35       connected      primary
svm1    cloudsecure_svm11_policy  cluster-1b        10.2.2.35      disconnected    primary
svm1    cloudsecure_svm13_policy  cluster-1b        10.2.2.35      disconnected    primary
svm1    cloudsecure_svm12_policy  cluster-1b        10.2.2.35      disconnected    primary
svm1    cloudsecure_svm14_policy  cluster-1b        10.2.2.35      disconnected    primary
8 entries were displayed.

How to check which ports are used by the Fpol engine? ::*> vserver fpol pol external-engine show -vserver <vserver_name>
Can I pause the User Directory Collector in SWS? No
Can I pause the ONTAP DC in SWS?

Yes [Manually from SWS UI]

Note: Pausing the ONTAP data collector in SWS using the API is not available at this time

If I pause the ONTAP DC in SWS, what will happen to Fpol in ONTAP? Fpol will be removed from the SVM (vserver) and re-added when you resume the ONTAP DC.
What is the name of SWS agent service and how to check the status?

Name: cloudsecure-agent.service

cmd > systemctl status cloudsecure-agent.service
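
As an added example (not NetApp's code), this Python check parses the `vserver fpol show-engine` rows from the answer above and reports any SWS policy that no node shows as connected. It assumes that one connected node per policy is healthy, based on the answer that a "disconnected" status on node 1b is normal, and that the priority number is numeric; `parse_engines` and `audit` are names chosen here.

```python
from collections import defaultdict
import re

# Constructed sample: the eight show-engine rows from the answer above
# (column whitespace collapsed).
SAMPLE = """\
svm1 cloudsecure_svm11_policy cluster-1a 10.2.2.35 connected primary
svm1 cloudsecure_svm13_policy cluster-1a 10.2.2.35 connected primary
svm1 cloudsecure_svm12_policy cluster-1a 10.2.2.35 connected primary
svm1 cloudsecure_svm14_policy cluster-1a 10.2.2.35 connected primary
svm1 cloudsecure_svm11_policy cluster-1b 10.2.2.35 disconnected primary
svm1 cloudsecure_svm13_policy cluster-1b 10.2.2.35 disconnected primary
svm1 cloudsecure_svm12_policy cluster-1b 10.2.2.35 disconnected primary
svm1 cloudsecure_svm14_policy cluster-1b 10.2.2.35 disconnected primary
8 entries were displayed.
"""

def parse_engines(text):
    """Yield (vserver, policy, node, status) for each data row; header lines,
    the dashed rule and the entry count are skipped."""
    for line in text.splitlines():
        cols = line.split()
        # Data rows have six columns; only the two statuses shown on the page are accepted.
        if len(cols) == 6 and cols[4] in ("connected", "disconnected"):
            yield cols[0], cols[1], cols[2], cols[4]

def audit(text):
    """Group rows by policy and classify each policy."""
    status_by_policy = defaultdict(dict)
    for vserver, policy, node, status in parse_engines(text):
        status_by_policy[(vserver, policy)][node] = status
    report = {"healthy": [], "unmonitored": [], "not_sws": []}
    for (vserver, policy), nodes in sorted(status_by_policy.items()):
        # Naming convention from the page: cloudsecure_<vserver><priority_number>_policy
        # (assumption: the priority number is one or more digits).
        sws_name = rf"cloudsecure_{re.escape(vserver)}\d+_policy"
        if not re.fullmatch(sws_name, policy):
            report["not_sws"].append(policy)
        elif "connected" in nodes.values():
            report["healthy"].append(policy)  # assumption: one connected node suffices
        else:
            report["unmonitored"].append(policy)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A policy listed under `unmonitored` has no connected FPolicy server on any node, which is the case to alert on.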

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.