Azure NetApp Files

This article describes how to onboard Azure NetApp Files (ANF) share in the Prisma Cloud DSPM platform.

Prerequisites

• Before onboarding the ANF share in the Prisma Cloud DSPM, ensure network connectivity between one of the virtual networks (there’s one per region) in the orchestrator resource group and the virtual network that contains the ANF share. Steps to configure this connectivity are below
• Before onboarding, select a username (existing or new) and a corresponding password for Prisma Cloud DSPM to use in the Active Directory used by the ANF share you want to onboard. Keep both ready for the onboarding process.
• In order to connect to an ANF share the customer must have a working orchestrator.

Network connectivity

1. Before establishing network connectivity, select the region from which you want Prisma Cloud DSPM to classify the data within the ANF share. In the Prisma Cloud DSPM resource group within the orchestrator subscription, find the virtual network corresponding to the selected region, and copy its ID.
2. To determine the virtual network, go to the ANF share page.
3. Under Storage service go to Volumes, and for each volume you’d like to scan do the following:
   1. Go to the virtual network and look for Peerings under Settings, and do the following:
   2. Click Add.
   3. Name the peering link with an indicative name, and check the first checkbox Allow [ANF-vnet-name] to access the peered virtual network.
   4. Give the same name that you selected for the Remote virtual network.
   5. Select Resource manager under the deployment model.
   6. Select the orchestrator VNet (by name or ID)
   7. Check the first check box: Allow the peered virtual network to access [ANF-vnet-name].
   8. Click Add.

Connection steps

1. Locate the desired ANF in the Prisma Cloud DSPM inventory and click on the name to access to asset page.
2. Enter the username you have prepared and select the region in where you want to your ANF data to be processed (Note: This must match the region of the VNet you’ve peered).
3. Click Continue.
4. Select your preferred method of secret handling (creating a new one for Prisma Cloud DSPM or using an existing one) and follow the instructions of the wizard to completion.

Onboarding ANF

Overview

Prisma Cloud DSPM orchestrator is used to securely detect and classify sensitive information in your environment, while keeping your data in the organization. You can integrate all of your Azure NetApp Files accounts with Prisma Cloud DSPM and monitor them using orchestrator. You can either use a single orchestrator to monitor all accounts, or use multiple orchestrators in case separation between environments is required.

Prerequisites

Ensure seamless onboarding of the ANF share in Prisma Cloud DSPM by first verifying network connectivity between the virtual networks. Each region has its own virtual network in the orchestrator resource group, and it should be linked to the virtual network housing the ANF share. Follow the steps below to configure this connectivity.

1. Username and Password Setup
   Prior to onboarding, decide on a username (either existing or new) along with a corresponding password. These credentials will be utilized by Prisma Cloud DSPM in the Active Directory associated with the ANF share during the onboarding process. Ensure that both the username and password are readily available for the onboarding process.
2. Orchestrator Check
   To successfully connect to an ANF share, it is imperative that the customer has a functional orchestrator. Confirm the orchestrator's proper functionality before proceeding with the onboarding process.

Configure Network Connectivity for Prisma Cloud DSPM

Before establishing network connectivity for Prisma Cloud DSPM, it is crucial to select the specific region for data classification within the Azure NetApp Files (ANF) share. Follow the steps below to set up the necessary network configurations.

1. Identify Region
   Determine the region from which you want Prisma Cloud DSPM to classify data within the ANF share.
2. Locate Virtual Network ID
   1. Navigate to the Prisma Cloud DSPM resource group within the orchestrator subscription.
   2. Find the virtual network corresponding to the selected region and copy its ID.
3. Virtual Network Peering
   1. Access the ANF share page under the Storage service, and go to Volumes.
      
   2. Select one of the SMB volumes you wish to scan.
      
4. Configure Virtual Network Peering for Each Volume
   Do the following for each volume you wish to scan:
   1. Go to the virtual network and navigate to Settings > Peerings.
   2. Click + Add.
      
5. Add the Peering Details
   In the Add Peering page, do the following for each volume you wish to scan:
   1. Enter a meaningful Peering link name.
   2. Choose the option Allow [ANF-vnet-name] to access the peered virtual network.
   3. In the Remote virtual network section, enter the same Peering link name.
   4. In the Virtual network deployment model section, choose the Resource manager option.
   5. In the Virtual network drop down, choose the name or ID of the orchestrator virtual network.
   6. Choose the option Allow [peered virtual network] to access the [ANF-vnet-name].
   7. Click Add to successfully establish network connectivity for Prisma Cloud DSPM within the specified region and enable the classification of data within the ANF share.
      

Connection Steps

1. In the Prisma Cloud DSPM Inventory, locate the desired Azure NetApp Files.
2. Click on the name to access the Asset page.
3. In the Asset page, enter the prepared username.
   
4. In the Region drop down, select the region where you want your ANF data to be processed. Make sure it matches the region of the VNet you have peered).
5. Click Continue.
6. Select your preferred method of secret handling:
   Create a new secret for Prisma Cloud DSPM, or use an existing secret.
7. Follow the instructions provided by the wizard to complete the connection process.