Skip to main content

Help us improve the Digital Marketplace - send your feedback

NETAPP

NetApp All SAN Array (ASA)

On premises or colocated high performance block (SAN) enterprise class storage hardware. Native anti-ransomware, encryption-at-rest, storage efficiencies, data replication and efficient snapshot based application consistent backups.

Features

  • High performance block storage services
  • Autonomous ransomware protection to detect and aid recovery from attack
  • Snapshot based backup, recovery and cross site replication
  • Optionally cloud connected for data classification, backup and replication
  • High performance and density storage reducing costs and CO2 emissions
  • Secure, resilient storage including immutable protection and multi-admin verification
  • Rich quality of service to protect and provide service levels
  • Cold data tiering to cloud to reduce cost and footprint;
  • VMware and application integration for consistent snapshot backups and recovery;

Benefits

  • Backup and recovery data in minutes not hours or days
  • Clone datasets and databases for testing and development without overheads
  • Manage VMware datastores from vSphere without any storage admin tasks
  • Active-active paths to LUNs for highly resilient storage

Pricing

£190 a terabyte

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.roberts@netapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 7 3 4 7 2 2 5 0 7 1 3 2 1 2

Contact

NETAPP Chris Roberts
Telephone: 07920284901
Email: chris.roberts@netapp.com

Service scope

Service constraints
Replacement and expansion parts must be properly sourced via NetApp or valid partners (and is part of the standard support contract) for support to be valid.
System requirements
  • We have documented standard data center environmental requirements;
  • Network connectivity should be across redundant paths for best practice

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial technical response objective from time of customer contact, based on priority level and availability of local language support.

At Basic Level
• Priority 1: 2 hours; on a 24/7 basis
• Priority 2: 4hours; on a 24/7 basis
• Priority 3: 16 hours; on a 24/7 basis
• Priority 4: 36 hours; on a 24/7 basis

At Expert Level
• Priority 1: 30 minutes; on a 24/7 Basis
• Priority 2: 2 hours; on a 24/7 Basis
• Priority 3 and 4: Next Business Day (NBD).

For more information please see.
https://mysupport.netapp.com/site/info/policies-and-offerings
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The web chat has been produced in best practices with a target achieving level AA of WCAG 2.1 but has not been tested.
Web chat accessibility testing
None
Onsite support
Yes, at extra cost
Support levels
NetApp offers three levels of SupportEdge services: Basic, Advisor, and Expert. Each level provides different benefits and features tailored to various business needs.
SupportEdge Basic includes access to NetApp support tools, technical specialists, classic Active IQ capabilities, rapid parts delivery, and the option to upgrade to onsite parts replacement.
SupportEdge Advisor builds upon Basic with faster target response times, predictive and proactive support, parts delivery and replacement, and advanced Active IQ AIOps features like automated risk remediation and digitized health checks.
SupportEdge Expert offers all the features of Advisor, plus faster delivery, onsite installation, priority queueing with direct routing to level 2 support, and personalized services such as a Support Account Manager and managed upgrade services.
As a part of SupportEdge Expert, NetApp provides a Support Account Manager (SAM) and a Cloud Technical Account Manager (CloudTAM). The SAM deeply knows about the customer's NetApp data storage environment and business goals. At the same time, CloudTAM is a customer-aligned cloud technical specialist who provides technical support for hybrid multi-cloud strategies. This feature is available for Advisor customers at an additional cost. See https://www.netapp.com/services/support/supportedge/
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We have extensive documentation, best practice guides, in depth technical reports, web and in person instructor lead training courses, certification exams, yearly technical conferences, onsite bespoke training and knowledge sharing/handover/whiteboading sessions available.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All data is presented via industry standard block protocols (FC, iSCSI, NVMe-oF). Data can be copied off using any standard approach. We do not lock customers into proprietary protocols or access methods.
End-of-contract process
Typical contracts include hardware and software support for a fixed period (1-6 years). They can optionally include a mid-cycle free controller upgrade to move to a more modern platform. At the end of the contract, the contract can be extended for a flat support price (until the end of service life is reached). Replacement parts can be delivered and optionally installed within 4 hours or next-business-day to suit. All data service protocols, data replication, snapshot based backups, data at rest encryption, web hosted alerting and telemetry, proactive incident management, autonomous ransomware protection and storage efficiency features are included. Add-ons would include services such as Cold data tiering to cloud, backup and replication to cloud, managed services, professional services and training.

Using the service

Web browser interface
Yes
Using the web interface
The web interface is for setup, management and operational oversight of the storage arrays. Admin users can be authenticated into the system via local accounts or AD authenticated account with optional MFA. Admin tasks can be locked to require multi-admin verifcation to protect against accidental changes or compromised admin accounts.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Please see https://www.netapp.com/pdf.html?item=/media/62824-NetApp-ONTAP-System-Manager-VPAT-2.4.pdf
Web interface accessibility testing
The Web interface been produced in best practices with a target achieving level AA of WCAG 2.1 and has been tested against it https://www.netapp.com/pdf.html?item=/media/62824-NetApp-ONTAP-System-Manager-VPAT-2.4.pdf
API
Yes
What users can and can't do using the API
All functionality is made available via our REST APIs, which are well documented. Our own on-box system manager GUI interacts with the storage array via these same APIs. They are native and built in. We have the largest collection of Ansible playbook modules for any storage vendor allow most admin tasks and setup work to be done via automation allowing the solution to confirm to an infrastructure as code management approach.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
The CLI is the most feature rich aspect way to interact with the ONTAP operating system. All management tasks can be done via CLI, there are also extensive performance and capacity monitoring and reporting functions in the CLI. All interactions with the CLI and logged for audit purposes. There are no limitations to what the command line allows, unless restrictions are put in place on specified accounts using RBAC or MAV (multi-admin verification).

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
There are extensive quality of service features to set minimums or maximums per volume or workload to protect and delivery consistent service levels at all times.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other
Other usage reporting
An included full featured capacity and performance toolset can be installed to run alongside and monitor NetApp storage arrays called Unified Manager. This allows the creation of bespoke capacity or performance triggers and alerts via e-mail or SNMP alerts. It is also possible to send SNMP alerts and gather capacity and performance information via on-box APIs.

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Per volume latency and QoS metrics.
  • Capacity and performance headroom and forecasting
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual machines including consistent snapshots and cross site DR.
  • Databases including application consistent recoveries without consistency checks being required.
  • VMware datastores at a datastore or VM level
Backup controls
Each storage volume can have a bespoke snapshot backup and replication backup schedule if required. Cross site replication and backup can preserve extended backups on the second site, up to 1023 snapshots with policy driven retention and multi faceted retention (e.g 36 hourly, 28 daily, 60 monthly snapshots retained)
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
ASA has a 6 9s availability guarantee of which we will refund service credits if that is missed. All guarantees require the system to be configured per documentation and the appropriate service level configured.
Approach to resilience
NetApp's service is designed for resilience by offering a comprehensive suite of data protection capabilities that safeguard important information from corruption, compromise, or loss. Our data infrastructure spans on-premises and multiple cloud environments, which can introduce complexity, but we address this with a common control plane to simplify implementation. This is managed via BlueXP, the unified control plane that delivers global visibility and operational simplicity of storage and data services across on-premises and cloud environments.

Our data centers are prepared for the cloud with solutions that deliver performance, lower latencies, and lower storage costs, without sacrificing flexibility. We ensure that customer data remains secure and accessible, regardless of the physical media it is stored on, and its format—file, block, or object, or a mixture of each. Our data management software and operating systems acquire, validate, store, protect, and process organizational data to ensure its accessibility, reliability, and timeliness.

For detailed information on how our data center setup is resilient, including specifics on redundancy, failover mechanisms, and backup strategies, this information is available upon request to ensure the security and confidentiality of our infrastructure.
Outage reporting
There are a series of documented processes for common or known events. Users can report incidents via phone, chat, email or online. Production events that involve extended outages, security breaches or loss of customer data will qualify for a root cause analysis, including timeline of event, customer impact, direct and root cause of event, and improvements made or planned to prevent recurrence. Based on the product and contract please consult your Client Executive for further details or see https://netapp-security.trustshare.com/home
some service outages viewable on https://status.services.cloud.netapp.com/Save and return to service summary
Outages on status.services.cloud.netapp can be subscribed by email, text, Atom or RSS feed.

Identity and authentication

User authentication
Other
Other user authentication
Authentication of iSCSI sessions can be done via CHAP. Access control for FC and NVMe is managed by assignment of allowed ports and host names (WWPN) into interface groups.
Access restrictions in management interfaces and support channels
Admin users connect to dedicated management IP adresses which are redundant across the cluster. They authenticate via a local account, or an AD account with option MFA functionality. SSH CLI sessions can optionally be authenticated via public/private key pairs unique to each admin user.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Schellman & Company, LLC
ISO/IEC 27001 accreditation date
2021 - 2024 depending on service in question
What the ISO/IEC 27001 doesn’t cover
Please see https://trust-center.netapp.com/home/
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
  • SOC 2 (AT Section 101)
  • DoD Approved Products List
  • Commercial Solutions for Classified Data (CSFC).
  • Common Criteria for Hardware and Software.
  • FedRamp
  • FIPS 140
  • GDRP
  • HIPAA
  • NIST SP 800-171.

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
NetApp's governance standards comply with several other standards, including GDPR, CCPA, CPRA, SOC2, NIST SP 800-171, and the requirements under the Defense Federal Acquisition Regulation Supplement (DFARS).

Privacy and data protection
HIPAA healthcare, PCI DSS for payment card security, Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, Federal Information Security Modernization Act (FISMA).
Information security policies and processes
Please see
https://netapp-security.trustshare.com/home
and https://security.netapp.com/policy/ to find out about NetApp's approach to product security processes and policy.
Please see: https://netapp-security.trustshare.com/policies

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
There are a series of documented processes for common or known events. Users can report incidents via phone, chat, email or online. Production events that involve extended outages, security breaches or loss of customer data will qualify for a root cause analysis, including timeline of event, customer impact, direct and root cause of event, and improvements made or planned to prevent recurrence.
Please see https://netapp-security.trustshare.com/home
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
NetApp has a robust product security vulnerability and response handling policy. You can receive reports related to potential security vulnerabilities in NetApp products and services and learn about our standard practices in informing customers of verified vulnerabilities. NetApp follows secure development principles throughout our product development lifecycle. We expand and improve on our secure-development programs on a continuing basis. As a part of our standard procedures, we implement secure design principles, developer training, and extensive testing programs.
For more information please see: https://security.netapp.com/policy/
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
NetApp maintains an Incident Response Plan that outlines the process and timelines for communicating information security incidents externally, including notifying clients if their data may have been breached. The plan takes into account legal, regulatory, and contractual obligations and requirements. The specific procedures and timelines for incident communications may vary depending on the nature of the product or service and its configuration and usage. Clients are advised to refer to their contracts and product documentation for information relevant to their operations. NetApp's Incident Response Plan ensures that incident communications are managed effectively and as per industry best practices. See https://netapp-security.trustshare.com/policies/POL-014
Incident management type
Supplier-defined controls
Incident management approach
NetApp maintains an Incident Response Plan that outlines the process and timelines for communicating information security incidents externally, including notifying clients if their data may have been breached. The plan takes into account legal, regulatory, and contractual obligations and requirements. The specific procedures and timelines for incident communications may vary depending on the nature of the product or service and its configuration and usage. Clients are advised to refer to their contracts and product documentation for information relevant to their operations. NetApp's Incident Response Plan ensures that incident communications are managed effectively and as per industry best practices. See https://netapp-security.trustshare.com/policies/POL-014

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
ONTAP Storage Virtual Machines (NetApp proprietary storage Operating System)
How shared infrastructure is kept separate
Storage Virtual Machines can leverage different or common authentication methods, which user or application can be segregated into different security domains. Additionally attached storage is virtualised into those segregated security domains. This allows Full RBAC control including zero trust administration

Energy efficiency

Energy-efficient datacentres
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

NetApp's hardware and software solutions are designed to help customers achieve their sustainability goals, including reducing their carbon footprint and optimising data management to conserve energy and resources. To support the complete product lifecycle management, NetApp focuses on energy-efficient technologies such as deduplication, compression, and compaction that dramatically reduce product footprint, lowering overall energy costs. Similarly, using larger capacity media also reduces customers’ footprint and can significantly impact the energy required to run their data centre(s).

Our packaging is made from 98% recycled/renewable materials and we use 80 Plus titanium power supplies for our hardware. Our e-waste and product take-back (free for all customers) programs (https://www.netapp.com/company/environmental-certifications/e-waste-management), adherence to environmental directives (https://www.netapp.com/company/environmental-certifications/), and the provision of sustainability tools like the NetApp Sustainability Dashboard (https://docs.netapp.com/us-en/active-iq/BlueXP_sustainability_dashboard_overview.html) and the Product Attribute to Impact Algorithm (PAIA) methodology to calculate product carbon footprint, all demonstrate our commitment to protecting our environment and fighting climate change.

For more information about NetApp’s environmental, social, and governance (ESG) initiatives, refer to the following URL https://www.netapp.com/esg. Our 2023 ESG report can be downloaded at https://www.netapp.com/pdf.html?item=/media/79434-NetApp-esg-report.pdf. Our Social Impact efforts include offering employees up to five days paid time off each year to volunteer at approved non-profit organizations from a global database, many of which benefit the environment. Specifically in the UK this year, a team volunteered at a nature reserve to remove an invasive species and sow wildflowers.

To summarize, our solutions adhere to circular economy principles that emphasize product durability, end-of-life management, recyclability, and environmental responsibility. For additional information on NetApp’s sustainability efforts, refer to the following URLs https://www.netapp.com/esg/sustainability/ and https://www.netapp.com/esg/sustainable-technology/.

Covid-19 recovery

2021 ESG NetApp’s response to the global pandemic began in January 2020, months before major steps were taken in much of the world launching Thrive Belonging. From matching COVID-related charitable donations to shifting rapidly to remote work, NetApp has taken a mix of steps to keep our teams and communities safe while also delivering products and services uninterrupted.
At the outset, we assembled a company-wide crisis management team to execute our Business Continuity Plan and prepare to mitigate the impact of COVID-19. We put in place measures requiring most of our global workforce to work from home.
Our leadership monitored and managed the situation to mitigate impact to sales, global supply chains, and support and services.
As pandemic risks recede, we’re shifting to a hybrid workplace, a mix of remote and onsite work that promises to deliver a productive balance of engagement and tailored flexibility for employees.
2024 in a COVID-19 recovery world NetApp WX introduced Thrive Together, taking steps such as consultancy with an external organisation to take feedback on how we run an approach to being more present in the office by adjusting the office to meet a post COVID-19 world and taking feedback from internal stakeholders including employees and Employee Business Resource Groups.
While retaining hybrid working, all offices are suitable for social distancing and flexibility is available for those wishing to socially distance such as attending during off-peak times or attending meeting remotely.
In the UK a renovation has taken place to adapt our office to a post Covid-19 based of feedback after a return to the office. NetApp offices have washing and hygiene facilities suitable for all members of staff.
Office workspaces that individuals or groups can also work from flexible across the world booked via a service, including a weekly office day in London.

Tackling economic inequality

We believe that community engagement has the power to bring positive, measurable change to our communities. Through our social impact programs, NetApp empowers our people to care for our communities and harness the power of data/AI for good—investing in programs and partnerships that support economic equality and community vitality in the communities where we live and work around the world.
Our social impact initiatives fall into three categories: data/AI literacy, equity, and sustainability. While the demand for data/AI skills will only increase in the years ahead, students experience significant racial gaps when it comes to data literacy. Through our Data Explorers program, we help bridge those inequities and prepare students for the jobs of the future.
Our equity programs focus on expanding access to data/AI skills and careers for underrepresented groups, closing the racial and gender gaps in the data science field and creating career paths. Finally, we work to accelerate data/AI solutions to support environmental sustainability, recognizing the urgent need to address environmental risks—and the employment opportunities that will accompany these new solutions. In addition to these NetApp investments, we also support employee community engagement programs that empower employees to support the causes they are most passionate about—including organizations that tackle inequality and create career and economic opportunities for others. NetApp supports those efforts through paid volunteer time off, matching donations, grants tied to employee volunteering, and more.

Equal opportunity

NetApp’s work environment is based upon respect for the individual and their particular talents and qualities. We strive to recognize and optimize each employee’s unique differences and individual contributions to foster an environment where everyone has access to equal opportunity and can thrive in their role here at NetApp. NetApp is an equal opportunity employer and makes employment decisions on the basis of merit. We want to have the best available persons in every job. Our policy prohibits unlawful discrimination based on race, color, creed, sex, gender/transgender status, gender identity, gender expression, religion, marital status, age, citizenship status, national origin or ancestry, physical, physiological and mental health condition, medical condition including but not limited to AIDS/HIV, genetic characteristics, pregnancy, sexual orientation, veteran status, or any other consideration made unlawful by federal, state, or local laws.
This policy includes the prohibition against discrimination against any individual who is perceived to have any of the protected characteristics or is associated with a person who has or is perceived as having any of those characteristics. All such discrimination is unlawful. NetApp adheres to legal requirements by offering reasonable adjustments for individuals with disabilities, enabling them to fulfil their job responsibilities, provided there is no undue hardship. An interactive effort is made to discover and mitigate obstacles, ensuring workplace success. Possible adjustments are identified in collaboration with the person to mitigate any limitations. When an accommodation is feasible and does not cause undue hardship, NetApp will implement it to support an accessible work environment. NetApp is committed to compliance with all applicable laws providing equal employment opportunities. This commitment applies to all persons involved in Company operations and prohibits unlawful discrimination by any NetApp employee.

Wellbeing

NetApp are committed to helping employees manage their health and wellbeing. One way we do this is by taking intentional breaks as a company to ensure we come back refreshed and healthy. We have a global Company shutdown at year end (between Christmas & New Year) and three global wellness days during the year to give employees space and time to focus on wellbeing. In addition to this we have a ‘No Meeting Friday’ once per month to allow for uninterrupted focused, productivity time to get work done or to take advantage of the many opportunities NetApp offers for continued career development and growth. We encourage employees not to hold internal meetings (Zoom/Teams, in-person or otherwise) on these days if possible and to use their best judgement for external-facing meetings on these days. NetApp also offers a variety of financial benefits to support financial wellbeing. Employees are eligible for income protection, life assurance and a contributory pension plan.

In the UK, employees have the opportunity to avail of Eyecare tests, dental insurance, private medical insurance and a monthly contribution towards gym membership. Employees also have access to our Employee Assistance Program which supports all aspects of life – physical, financial, emotional and social – through our partnership with Workplace Options, employees can access a variety of resources and confidential support. A Health, Wellbeing & Community Impact team has been set up to creating a supportive environment where we come together to promote physical and mental wellness, foster connections and forge a sense of UK team spirit by connecting employees through health and wellbeing activities and certified ‘mental health first aid’ training.

Pricing

Price
£190 a terabyte
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at chris.roberts@netapp.com. Tell them what format you need. It will help if you say what assistive technology you use.