To enable the Varonis Metadata Framework to connect to a NetApp file server operating in cluster mode, you must configure an FPolicy for it.
This PowerShell script, which I based on Technical Report TR-4429 (referenced below for further reading), will automate:
- Creating the FPolicy Event Object
- Creating the FPolicy External Engine
- Creating the FPolicy Object
- Creating the FPolicy Scope Object
- Configuring the Login Method for DatAdvantage
- Configuring the Varonis service account as a CIFS superuser. (For the Management Console to detect NetApp cluster shares correctly, the Varonis service account must be a member of the Domain Administrators group or be added as a CIFS superuser.)
- Enabling the FPolicy

```powershell
#requires -Version 2 -Modules DataONTAP
param (
    $vservs = @('VSERVER_NAME'),
    $varcollectserver = 'VARONIS PROBE/COLLECTOR IP',
    $varsvcactdomain = 'DOMAIN',
    $varsvcactuser = 'USER'
)

Import-Module -Name DataONTAP

$FASName = Read-Host -Prompt 'Enter the FQDN of your NetApp array'
If ($FASName -eq '')
{
    Write-Host -Object 'No selection made, script now exiting.'
    exit
}

Connect-NcController -Name $FASName -Credential (Get-Credential)

foreach ($vserv in $vservs)
{
    # FPolicy event: the CIFS file operations reported to Varonis
    New-NcFpolicyEvent -Name fp_event_varonis_cifs -Protocol cifs -FileOperation create, create_dir, delete, delete_dir, read, write, rename, rename_dir, setattr -Filter first_read, first_write -VserverContext $vserv

    # External engine: the Varonis probe/collector on port 2002, asynchronous.
    # no_auth means plain TCP with no SSL authentication on this connection.
    New-NcFpolicyExternalEngine -Name fp_ex_eng -PrimaryServer $varcollectserver -Port 2002 -SslOption no_auth -Asynchronous -VserverContext $vserv

    # FPolicy object tying the event to the engine (non-mandatory screening)
    New-NcFpolicyPolicy -Name Varonis -Event fp_event_varonis_cifs -EngineName fp_ex_eng -NonMandatory -VserverContext $vserv

    # Scope: every volume and every export policy on the SVM
    New-NcFpolicyScope -PolicyName Varonis -VolumesToInclude '*' -ExportPoliciesToInclude '*' -VserverContext $vserv

    # Login method for DatAdvantage: DOMAIN\USER over ONTAPI with the vsadmin role
    New-NcUser -UserName ($varsvcactdomain + '\' + $varsvcactuser) -Vserver $vserv -Application ontapi -AuthMethod domain -Role vsadmin

    # Add the service account as a CIFS superuser (advanced privilege), then list superusers
    Invoke-NcSsh -Command "set -privilege advanced;vserver cifs superuser create -domain $varsvcactdomain -accountname $varsvcactuser -vserver $vserv;vserver cifs superuser show -vserver $vserv"

    # Enable the policy
    Enable-NcFpolicyPolicy -Name Varonis -SequenceNumber 1 -VserverContext $vserv
}
```

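
After the script has run, a read-only check like the following confirms the result on each SVM and surfaces the `no_auth` engine setting for review. This is an added example, not part of the original script; the helper name `Test-VaronisFpolicy` is hypothetical, and the property names read from the toolkit objects are assumptions to confirm with `Get-Member`.

```powershell
Import-Module -Name DataONTAP
# Added example: read-only check; assumes Connect-NcController was already run.
# Object property names below are assumptions; confirm them with Get-Member.
$vservs = @('VSERVER_NAME')
$varcollectserver = 'VARONIS PROBE/COLLECTOR IP'

# Hypothetical helper: returns a list of findings for one SVM.
function Test-VaronisFpolicy
{
    param ($Vserver, $Collector)
    $findings = @()

    # The policy must exist and be enabled.
    $status = Get-NcFpolicyStatus -VserverContext $Vserver |
        Where-Object { $_.PolicyName -eq 'Varonis' }
    if (-not $status) { $findings += 'policy Varonis not found' }
    elseif (-not $status.Status) { $findings += 'policy Varonis is not enabled' }

    # Events should go only to the collector, on port 2002.
    $engine = Get-NcFpolicyExternalEngine -VserverContext $Vserver |
        Where-Object { $_.EngineName -eq 'fp_ex_eng' }
    if (-not $engine) { $findings += 'engine fp_ex_eng not found' }
    else
    {
        $extra = @($engine.PrimaryServers | Where-Object { $_ -ne $Collector })
        if ($extra.Count -gt 0) { $findings += "unexpected server(s): $($extra -join ', ')" }
        if ($engine.PortNumber -ne 2002) { $findings += "unexpected port: $($engine.PortNumber)" }
        # The setup script sets no_auth (plain TCP); always surfaced for review.
        if ($engine.SslOption -eq 'no_auth') { $findings += 'engine ssl-option is no_auth' }
    }

    # The policy is non-mandatory, so a disconnected collector does not block
    # file access; it only shows up as missing audit events.
    $down = @(Get-NcFpolicyServerStatus -VserverContext $Vserver |
        Where-Object { $_.PolicyName -eq 'Varonis' -and $_.ServerStatus -ne 'connected' })
    foreach ($s in $down) { $findings += "FPolicy server $($s.FpolicyServer) is $($s.ServerStatus)" }

    $findings
}

foreach ($vserv in $vservs)
{
    foreach ($f in @(Test-VaronisFpolicy -Vserver $vserv -Collector $varcollectserver))
    {
        Write-Warning -Message "$($vserv): $f"
    }
}
```
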
Further reading: