Networking requirements for Cloud Manager Edit on GitHub Request doc changes

Contributors netapp-bcammett

Set up your networking so that Cloud Manager can deploy Cloud Volumes ONTAP systems in AWS, Microsoft Azure, or Google Cloud Platform. The most important step is ensuring outbound internet access to various endpoints.

If your network uses a proxy server for all communication to the internet, Cloud Manager prompts you to specify the proxy during setup. You can also specify the proxy server from the Settings page. Refer to Configuring Cloud Manager to use a proxy server.

Connection to target networks

Cloud Manager requires a network connection to the VPCs and VNets in which you want to deploy Cloud Volumes ONTAP.

For example, if you install Cloud Manager in your corporate network, then you must set up a VPN connection to the VPC or VNet in which you launch Cloud Volumes ONTAP.

Outbound internet access

Cloud Manager requires outbound internet access to deploy and manage Cloud Volumes ONTAP. Outbound internet access is also required when accessing Cloud Manager from your web browser and when running the Cloud Manager installer on a Linux host.

The following sections identify the specific endpoints.

Endpoints to manage Cloud Volumes ONTAP in AWS

Cloud Manager requires outbound internet access to contact the following endpoints when deploying and managing Cloud Volumes ONTAP in AWS:

Endpoints Purpose

AWS services (amazonaws.com):

  • CloudFormation

  • Elastic Compute Cloud (EC2)

  • Key Management Service (KMS)

  • Security Token Service (STS)

  • Simple Storage Service (S3)

The exact endpoint depends on the region in which you deploy Cloud Volumes ONTAP. Refer to AWS documentation for details.

Enables Cloud Manager to deploy and manage Cloud Volumes ONTAP in AWS.

https://api.services.cloud.netapp.com:443

API requests to NetApp Cloud Central.

https://cloud.support.netapp.com.s3.us-west-1.amazonaws.com

Provides access to software images, manifests, and templates.

https://cognito-idp.us-east-1.amazonaws.com
https://cognito-identity.us-east-1.amazonaws.com

Enables Cloud Manager to access and download manifests, templates, and Cloud Volumes ONTAP upgrade images.

https://kinesis.us-east-1.amazonaws.com

Enables NetApp to stream data from audit records.

https://cloudmanager.cloud.netapp.com

Communication with the Cloud Manager service, which includes Cloud Central accounts.

https://netapp-cloud-account.auth0.com

Communication with NetApp Cloud Central for centralized user authentication.

https://support.netapp.com/aods/asupmessage
https://support.netapp.com/asupprod/post/1.0/postAsup

Communication with NetApp AutoSupport.

https://support.netapp.com/svcgw
https://support.netapp.com/ServiceGW/entitlement

Communication with NetApp for system licensing and support registration.

https://ipa-signer.cloudmanager.netapp.com

Enables Cloud Manager to generate licenses (for example, a FlexCache license for Cloud Volumes ONTAP)

https://packages.cloud.google.com/yum
https://github.com/NetApp/trident/releases/download/

Required to connect Cloud Volumes ONTAP systems with a Kubernetes cluster. The endpoints enable installation of NetApp Trident.

Various third-party locations, for example:

  • https://repo1.maven.org/maven2

  • https://oss.sonatype.org/content/repositories

  • https://repo.typesafe.org

Third-party locations are subject to change.

During upgrades, Cloud Manager downloads the latest packages for third-party dependencies.

Endpoints to manage Cloud Volumes ONTAP in Azure

Cloud Manager requires outbound internet access to contact the following endpoints when deploying and managing Cloud Volumes ONTAP in Microsoft Azure:

Endpoints Purpose

https://management.azure.com
https://login.microsoftonline.com

Enables Cloud Manager to deploy and manage Cloud Volumes ONTAP in most Azure regions.

https://management.microsoftazure.de
https://login.microsoftonline.de

Enables Cloud Manager to deploy and manage Cloud Volumes ONTAP in the Azure Germany regions.

https://management.usgovcloudapi.net
https://login.microsoftonline.com

Enables Cloud Manager to deploy and manage Cloud Volumes ONTAP in the Azure US Gov regions.

https://api.services.cloud.netapp.com:443

API requests to NetApp Cloud Central.

https://cloud.support.netapp.com.s3.us-west-1.amazonaws.com

Provides access to software images, manifests, and templates.

https://cognito-idp.us-east-1.amazonaws.com
https://cognito-identity.us-east-1.amazonaws.com
https://sts.amazonaws.com

Enables Cloud Manager to access and download manifests, templates, and Cloud Volumes ONTAP upgrade images.

https://kinesis.us-east-1.amazonaws.com

Enables NetApp to stream data from audit records.

https://netapp-cloud-account.auth0.com

Communication with NetApp Cloud Central for centralized user authentication.

https://mysupport.netapp.com

Communication with NetApp AutoSupport.

https://support.netapp.com/svcgw
https://support.netapp.com/ServiceGW/entitlement

Communication with NetApp for system licensing and support registration.

https://ipa-signer.cloudmanager.netapp.com

Enables Cloud Manager to generate licenses (for example, a FlexCache license for Cloud Volumes ONTAP)

https://packages.cloud.google.com/yum
https://github.com/NetApp/trident/releases/download/

Required to connect Cloud Volumes ONTAP systems with a Kubernetes cluster. The endpoints enable installation of NetApp Trident.

Various third-party locations, for example:

  • https://repo1.maven.org/maven2

  • https://oss.sonatype.org/content/repositories

  • https://repo.typesafe.org

Third-party locations are subject to change.

During upgrades, Cloud Manager downloads the latest packages for third-party dependencies.

Endpoints to manage Cloud Volumes ONTAP in GCP

Cloud Manager requires outbound internet access to contact the following endpoints when deploying and managing Cloud Volumes ONTAP in GCP:

Endpoints Purpose

https://www.googleapis.com

Enables Cloud Manager to contact Google APIs for deploying and managing Cloud Volumes ONTAP in GCP.

https://api.services.cloud.netapp.com:443

API requests to NetApp Cloud Central.

https://cloud.support.netapp.com.s3.us-west-1.amazonaws.com

Provides access to software images, manifests, and templates.

https://cognito-idp.us-east-1.amazonaws.com
https://cognito-identity.us-east-1.amazonaws.com
https://sts.amazonaws.com

Enables Cloud Manager to access and download manifests, templates, and Cloud Volumes ONTAP upgrade images.

https://kinesis.us-east-1.amazonaws.com

Enables NetApp to stream data from audit records.

https://netapp-cloud-account.auth0.com

Communication with NetApp Cloud Central for centralized user authentication.

https://mysupport.netapp.com

Communication with NetApp AutoSupport.

https://support.netapp.com/svcgw
https://support.netapp.com/ServiceGW/entitlement

Communication with NetApp for system licensing and support registration.

https://ipa-signer.cloudmanager.netapp.com

Enables Cloud Manager to generate licenses (for example, a FlexCache license for Cloud Volumes ONTAP)

https://packages.cloud.google.com/yum
https://github.com/NetApp/trident/releases/download/

Required to connect Cloud Volumes ONTAP systems with a Kubernetes cluster. The endpoints enable installation of NetApp Trident.

Various third-party locations, for example:

  • https://repo1.maven.org/maven2

  • https://oss.sonatype.org/content/repositories

  • https://repo.typesafe.org

Third-party locations are subject to change.

During upgrades, Cloud Manager downloads the latest packages for third-party dependencies.

Endpoints accessed from your web browser

Users must access Cloud Manager from a web browser. The machine running the web browser must have connections to the following endpoints:

Endpoints Purpose

The Cloud Manager host

You must enter the host’s IP address from a web browser to load the Cloud Manager console.

Depending on your connectivity to your cloud provider, you can use the private IP or a public IP assigned to the host:

  • A private IP works if you have a VPN and direct connect access to your virtual network

  • A public IP works in any networking scenario

In any case, you should secure network access by ensuring that security group rules allow access from only authorized IPs or subnets.

https://auth0.com
https://cdn.auth0.com
https://netapp-cloud-account.auth0.com
https://services.cloud.netapp.com

Your web browser connects to these endpoints for centralized user authentication through NetApp Cloud Central.

https://widget.intercom.io

For in-product chat that enables you to talk to NetApp cloud experts.

Endpoints to install Cloud Manager on a Linux host

The Cloud Manager installer must access the following URLs during the installation process:

  • http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

  • https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  • https://s3.amazonaws.com/aws-cli/awscli-bundle.zip

Ports and security groups