Infrastructure & Network Security

Physical Security

The NetApp Instaclustr production infrastructure is hosted across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Physical and environmental security controls for production servers, including facility access, surveillance, and intrusion detection, are managed by the respective cloud provider. Each provider maintains independent third-party certifications covering physical security.

NetApp follows the best practices of the shared responsibility model described by each cloud provider.

NetApp staff access production infrastructure remotely through a secured management network — see Trust & Access for details on the access path and controls.

Dedicated Infrastructure

Each customer cluster runs on dedicated infrastructure. Instaclustr deploys its managed application onto dedicated virtual machines that are commonly referred to as nodes — there is no multi-tenancy at the virtual machine level.

Customer clusters are created in isolated network environments with no shared nodes, and run independently from each other and from the management environment. The management environment is logically separated from customer clusters. NetApp maintains administrative access to nodes for support and maintenance purposes only — see Trust & Access for details.

Customer application data remains within the cluster environment, including backups, which are stored encrypted in the same region. Nodes are not reused and are terminated and wiped during service upgrade or termination.

Customer environments are designed to continue operating even in the event of management environment failure.

Network Security

Customer Nodes

Inbound access is restricted to the ports required for cluster services, inter-node communication, and NetApp management (SSH). Through the console, you control which IP addresses are permitted to connect to your clusters.

Direct server access is restricted to NetApp operations and automated management systems via the secured management network. NetApp reviews firewall configurations monthly.

Outbound traffic is blocked by default. Only approved destinations are permitted. Outbound firewalls are automatically provisioned and managed by the platform.

Each customer environment operates in its own isolated virtual network. Clusters do not share network space. Private connectivity options are available for customers who need to connect without public internet exposure.

Management Infrastructure

The management environment is hosted separately from customer clusters, with management instances running in private subnets.

Internet-facing services such as the Console and API are fronted by load balancers and a Web Application Firewall with rules aligned to OWASP best practices.

All egress traffic is routed through controlled gateways with defined allow-lists. Staff access requires VPN with multi-factor authentication.