NSO-162: NetApp NCDA 2022

It's been a few years since I did my NCDA. You need to renew it every two years, but you can do a different NetApp exam to renew it (like NCIE-SAN). Mine has lapsed. Usually (since I've done it a good few times now ... I think 3) I'd just turn up and take the exam. This time I thought I'd do a little prep. If you're experienced with NetApp, the main thing will be to make sure you are up to date, and - as of writing - the exam is up to ONTAP 9.8.

The official NCDA page is here:
https://www.netapp.com/support-and-training/netapp-university-training-and-certification/certification/data-administrator/

Which links to a practice test (practice tests are always useful to help you gauge how much prep you need to do ... if any):
https://learningcenter.netapp.com/content/public/production/extra/certification/NS0-162-PRACTICE/story.html

A few notes.

MFA

MFA requires password or publickey.
More info in TR-4647 (Multifactor Authentication in ONTAP).
Migrate from single-factor to two-factor authentication by using the command:
security login modify -user-or-group-name [username] -application ssh -secondauthentication-method [password or publickey].
If the new second factor is publickey, associate a public key with the user by using the command:
security login publickey create - vserver [SVM_name] -username [username] -index [index_number] -publickey “[public_key_data]”

TSSA

"Temperature-sensitive storage efficiency was introduced in ONTAP 9.8 and was enabled automatically on newly created thin-provisioned AFF volumes." More info here: https://docs.netapp.com/us-en/ontap/volumes/enable-temperature-sensitive-efficiency-concept.html

S3 in ONTAP

TR4814 says "In addition to the data-s3-server service, the data-core service should be included in any service policy to ensure applications using the LIF work as expected."

ONTAP Image Updates from System Manager

In 9.8+ system manager, you can add an ONTAP image from HTTP, FTP, or local client but it's a manual process. It does not support auto updates. System Manager will tell you if images are available to install, but only if they've been manually loaded onto the system. There's no direct link to the NetApp support site and specifying the URL to a tgz file on the NSS doesn’t work.

FlexGroups, FlexCache and QoS

Worth revising on FlexGroups, FlexCache and QoS.

List of Reference TRs for NCDA/NCIE-SAN

• TR-4080 Best practices for modern SAN - https://www.netapp.com/pdf.html?item=/media/10680-tr4080pdf.pdf
• TR-4515 ONTAP AFF All SAN Array systems https://www.netapp.com/pdf.html?item=/media/10379-tr4515pdf.pdf
• TR-4526 Compliant WORM storage using NetApp SnapLock https://www.netapp.com/media/6158-tr4526.pdf
• TR-4684 Implementing and configuring Modern SANs with NVMe/FC https://www.netapp.com/pdf.html?item=/media/10681-tr4684pdf.pdf
• TR-4743 FlexCache in ONTAP 9.8 https://www.netapp.com/pdf.html?item=/media/7336-tr4743.pdf
• TR-4523 DNS Load Balancing in ONTAP Configuration and Best Practices https://www.netapp.com/pdf.html?item=/media/19370-tr-4523.pdf
• TR-4598: FabricPool Best Practices https://www.netapp.com/pdf.html?item=/media/17239-tr4598pdf.pdf
• TR-4569 Security Hardening Guide for NetApp ONTAP https://www.netapp.com/pdf.html?item=/media/10674-tr4569.pdf
• TR-4878: SnapMirror Business Continuity (SM-BC) for ONTAP 9.8 https://www.netapp.com/pdf.html?item=/media/21888-tr-4878.pdf
• TR-4517 ONTAP Select on VMware https://www.netapp.com/zh-hans/media/10662-tr4517.pdf
• TR-4647 Multifactor Authentication in ONTAP 9.3 https://www.netapp.com/pdf.html?item=/media/17055-tr4647pdf.pdf
• S3 in ONTAP best practices https://www.netapp.com/media/17219-tr4814.pdf
• TR-4557 NetApp ONTAP FlexGroup Volumes https://www.netapp.com/pdf.html?item=/media/7337-tr4557.pdf
• TR-4571 FlexGroup volumes Best practices and implementation guide  https://www.netapp.com/pdf.html?item=/media/12385-tr4571pdf.pdf
• QoS - https://docs.netapp.com/us-en/ontap/performance-admin/guarantee-throughput-qos-task.html#about-throughput-ceilings-qos-max

The Practice Test

When I did the practice test, I got 90% on a first try.

These are correct answers to 9 of the 10 questions (the other question needs an exhibit, but yes, for FC zoning to work correctly you need to have the WWPNs of your server and FC LIFs in the zone.)

Q: Which NetApp software do you use to confirm that the SAS cabling is correct?

A: Active IQ Config Advisor

Q: Which two types of HA policies are applied to which types of aggregates?

A1: storage failover (SFO) policy to data aggregates only

A2: controller failover (CFO) policy to root aggregates

Q: A customer has an ONTAP 9.8 AFF A250 with 12 internal SSDs. The customer wants to expand their existing aggregates by adding 12 more SSDs to the empty drive slots in the internal shelf. Which two steps must you take to accomplish this task?

A1: Add the newly created data2 partitions to the partner's existing data aggregate.

A2: ONTAP will automatically partition the SSDs when they are added to the data aggregate.

Q: Your ONTAP 9.8 cluster administrator modified a LIF to use a new service policy. Referring to the below -

cluster1::> network interface modify -vserver cluster1 -lif lif1 -service-policy net-route-announce

- which type of peer connection is used by lif1?

A: BGP

Note: See LIFs and service policies in ONTAP 9.6 and later

Q: You have Windows Server 2019 hosts that use network address translation (NAT) on the network when connecting to their ONTAP 9.8 AFF A400 cluster. You are having iSCSI connectivity issues using IP addresses. The network team recommends using fully qualified domain names (FQDNs.)

Which SAN setting in ONTAP would you modify in this scenario?

A: SendTargets

Q: An administrator has an SVM name VS1 that is being used for UNIX workloads. Name mappings have been configured with both local name mapping files and with LDAP. NIS will not be used in the environment. The administrator needs to ensure that LDAP takes precedence for access over file-based name mappings.

In this scenario, how would you accomplish this task?

A: Use the vserver service name-service ns-switch command to set the order of preference.

Q: You have a Windows 10 computer that lost an SMB drive mapping that used the IP address of your SVM. The mapping was working until security requirements disabled NTLM authentication. Windows Server 2019 servers remained connected to the drive mapping.

Referring to the exhibit (which shows KRB required), what is the reason for this problem?

A: Kerberos requires the server name.

Q: An administrator wants to configure cluster peering between two clusters. In this situation, which role must be used when a LIF is configured?

A: Intercluster.

Q: What are two methods to improve system administration access control security on your ONTAP environment?

A1: Enable SAML Authentication using an Identity Provider that supports multi-factor authentication.

A2: Enable two-factor authentication for SSH access.