Launching ONTAP Cloud in AWS Edit on GitHub

You can launch ONTAP Cloud in a single-system configuration or as an HA pair in AWS.

Launching a single ONTAP Cloud system in AWS

If you want to launch an ONTAP Cloud instance in AWS, you need to create an ONTAP Cloud working environment in Cloud Manager.

Before you begin
  • You should have prepared by choosing a configuration and by obtaining AWS networking information from your administrator. For details, see Planning your ONTAP Cloud configuration.

  • If you want to launch an ONTAP Cloud BYOL instance, you must have the 20-digit serial number (license key) and you must have credentials for a NetApp Support Site account, if the tenant is not already linked with an account.

  • If you want to use CIFS, you must have set up DNS and Active Directory. For details, see AWS networking requirements.

About this task

Immediately after you create the working environment, Cloud Manager launches a test instance in the specified VPC to verify connectivity. If successful, Cloud Manager immediately terminates the instance and then starts deploying the ONTAP Cloud system. If Cloud Manager cannot verify connectivity, creation of the working environment fails. The test instance is either a t2.nano (for default VPC tenancy) or m3.medium (for dedicated VPC tenancy).

Steps
  1. On the Working Environments page, click Add environment.

  2. Under Create, select ONTAP Cloud.

  3. On the Details and Credentials page, enter a name for the working environment, add AWS tags if needed, enter a password, and then click Continue.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Credentials

    These are the credentials for the ONTAP Cloud cluster admin account. You can use these credentials to connect to ONTAP Cloud through OnCommand System Manager or its CLI.

    Name

    Cloud Manager uses the working environment name to name both the ONTAP Cloud system and the Amazon EC2 instance. It also uses the name as the prefix for the predefined security group, if you select that option.

    AWS tags

    AWS tags are metadata for your AWS resources. Cloud Manager adds the tags to the ONTAP Cloud instance and each AWS resource associated with the instance. For information about tags, refer to AWS Documentation: Tagging your Amazon EC2 Resources.

    If AWS keys were not specified for your Cloud Manager account, you are prompted to enter them after you click Continue. You need to enter them before you can proceed.
  4. On the Location page, enter the network information that you recorded in the AWS worksheet and then click Continue.

    The following image shows the Location page filled out:

    Screen shot: Shows the VPC page filled out for a new ONTAP Cloud instance.

  5. On the Data Encryption page, choose no data encryption, ONTAP Cloud-managed encryption, or AWS-managed encryption.

    To better understand these options, see Data encryption in AWS.

    For AWS-managed encryption, you can choose a different master key if more than one key is available in your account.

    If Cloud Manager was not set up for encryption, the Cloud Manager Admin must set it up. See Setting up ONTAP Cloud encryption.
  6. If you chose ONTAP Cloud encryption, select one to four key managers, select the certificate of the CA that signed the server certificate for each key manager, and then click Continue.

    The key manager CA certificate is for all selected key managers, which means the same certificate authority (CA) must have signed the server certificate for each key manager.
  7. On the ONTAP Cloud BYOL License page, specify whether you want to enter a license for this ONTAP Cloud system.

    To understand how licenses work, see Licensing.

  8. On the Preconfigured Packages page, select one of the packages to quickly launch an ONTAP Cloud system, or click Create my own configuration.

    If you choose one of the packages, you only need to specify a volume and then review and approve the configuration.

  9. On the IAM Role page, you should keep the default option to let Cloud Manager create the role for you.

    If you prefer to use your own policy, it must meet policy requirements for ONTAP Cloud nodes.

  10. On the Licensing page, change the ONTAP Cloud version as needed, select a license, an instance type, the instance tenancy, and then click Continue.

    If your needs change after you launch the instance, you can modify the license or instance type later.

    If a newer Release Candidate, General Availability, or patch release is available for the selected version, then Cloud Manager updates the system to that version when creating the working environment. For example, the update occurs if you select ONTAP Cloud 9.3 RC1 and ONTAP Cloud 9.3 GA is available. The update does not occur from one release to another—for example, from 9.2 to 9.3.
  11. If the NetApp Support Site credentials page is displayed, enter your NetApp Support Site credentials.

    Credentials are required for BYOL instances. For details, see Why you should link a tenant to your NetApp Support Site account.

  12. On the Underlying storage resources page, choose a single storage type or data tiering.

    The underlying AWS disk type is for the initial volume. You can choose a different disk type for subsequent volumes. For help choosing a disk type, see Choosing an AWS disk type.

  13. On the Disk Size page, select the default disk size for all disks in the initial aggregate.

    For help choosing a size, see Choosing disk size.

  14. On the Write Speed page, choose Normal or High.

    For help choosing between the options, see Choosing a write speed.

  15. On the Create Volume page, enter details for the new volume, and then click Continue.

    You might skip this step if you want to create a volume for iSCSI. Cloud Manager sets up volumes for NFS and CIFS only.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Size

    The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.

    Access control (for NFS only)

    An export policy defines the clients in the subnet that can access the volume. By default, Cloud Manager enters a value that provides access to all instances in the subnet.

    Permissions and Users / Groups (for CIFS only)

    These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user’s domain using the format domain\username.

    Volume Protection

    A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.

    Usage Profile

    Usage profiles define the NetApp storage efficiency features that are enabled for a volume.
    For more information, see Understanding volume usage profiles.

    The following image shows the Volume page filled out for the CIFS protocol:

    Screen shot: Shows the Volume page filled out for a ONTAP Cloud instance.

  16. If you chose the CIFS protocol, set up a CIFS server on the ONTAP Cloud CIFS Setup page:

    Field Description

    DNS Primary and Secondary IP Address

    The IP addresses of the DNS servers that provide name resolution for the CIFS server.
    The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.

    Active Directory Domain to join

    The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.

    Credentials authorized to join the domain

    The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.

    CIFS server NetBIOS name

    A CIFS server name that is unique in the AD domain.

    Organizational Unit

    The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.

    DNS Domain

    The DNS domain for the ONTAP Cloud storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.

  17. On the Review & Approve page, review and confirm your selections:

    1. Review details about the configuration.

    2. Click More information to review details about support and the AWS resources that Cloud Manager will purchase.

    3. Select the I understand…​ check boxes.

    4. Click Go.

Result

Cloud Manager launches the ONTAP Cloud instance. You can track the progress in the timeline.

If you experience any issues launching the ONTAP Cloud instance, review the failure message. You can also select the working environment and click Re-create environment.

For additional help, go to NetApp ONTAP Cloud Support.

After you finish
  • If you launched an ONTAP Cloud pay-as-you-go instance and the tenant is not linked to a NetApp Support Site account, manually register the instance with NetApp to enable support. For instructions, see Registering ONTAP Cloud instances.

    Support from NetApp is included with your ONTAP Cloud instance. To activate support, you must first register the instance with NetApp.

  • If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.

  • If you want to apply quotas to volumes, use System Manager or the CLI.

    Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.

  • If this is the first ONTAP Cloud instance launched in AWS, remind your administrator to finish setting up AWS billing and cost management for Cloud Manager by enabling the WorkingEnvironmentId tag. This tag is not available in AWS until after you create your first ONTAP Cloud working environment under the AWS payer account.

Launching an ONTAP Cloud HA pair in AWS

If you want to launch an ONTAP Cloud HA pair in AWS, you need to create an ONTAP Cloud HA working environment in Cloud Manager.

Before you begin
  • You should have prepared by choosing a configuration and by obtaining AWS networking information from your administrator. For details, see Planning your ONTAP Cloud configuration.

  • If you purchased ONTAP Cloud BYOL licenses, you must have a 20-digit serial number (license key) for each node, and you must have credentials for a NetApp Support Site account if the tenant is not already associated with an account.

  • If you want to use CIFS, you must have set up DNS and Active Directory. For details, see AWS networking requirements.

About this task

Immediately after you create the working environment, Cloud Manager launches a test instance in the specified VPC to verify connectivity. If successful, Cloud Manager immediately terminates the instance and then starts deploying the ONTAP Cloud system. If Cloud Manager cannot verify connectivity, creation of the working environment fails. The test instance is either a t2.nano (for default VPC tenancy) or m3.medium (for dedicated VPC tenancy).

Steps
  1. On the Working Environments page, click Add environment.

  2. Under Create, select ONTAP Cloud HA.

  3. On the Details and Credentials page, enter a name for the working environment, add AWS tags if required, enter a password, and then click Continue.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Credentials

    These are the credentials for the ONTAP Cloud cluster admin account. You can use these credentials to connect to ONTAP Cloud through OnCommand System Manager or its CLI.

    Name

    Cloud Manager uses the working environment name to name the ONTAP Cloud cluster and the Amazon EC2 instances. It also uses the name as the prefix for the predefined security group, if you select that option.

    AWS tags

    AWS tags are metadata for your AWS resources. Cloud Manager adds the tags to the ONTAP Cloud instances and each AWS resource associated with the instances. For information about tags, refer to AWS Documentation: Tagging your Amazon EC2 Resources.

    If AWS keys were not specified for your Cloud Manager account, you are prompted to enter them after you click Continue. You must enter the AWS keys before you proceed.
  4. On the HA Deployment Models page, choose an HA configuration.

    For an overview of the deployment models, see ONTAP Cloud HA for AWS.

  5. On the Location page, enter the network information that you recorded in the AWS worksheet and then click Continue.

    The following image shows the Location page filled out for a multiple AZ configuration:

    Screen shot: Shows the VPC page filled out for an HA configuration. A different availability zone is selected for each instance.

  6. On the Connectivity and SSH Authentication page, choose connection methods for the HA pair and the mediator.

  7. If you chose multiple AZs, specify the floating IP addresses for the cluster management interface port and the two NFS/CIFS data ports and then click Continue.

    The IP addresses must be outside of the CIDR block for all VPCs in the region. For additional details, see AWS networking requirements for ONTAP Cloud HA in multiple AZs.

  8. If you chose multiple AZs, select the route tables that should include routes to the floating IP addresses and then click Continue.

    If you have more than one route table, it is very important to select the correct route tables. Otherwise, some clients might not have access to the ONTAP Cloud HA pair. For more information about route tables, refer to AWS Documentation: Route Tables.

  9. On the Data Encryption page, choose no data encryption, ONTAP Cloud-managed encryption, or AWS-managed encryption.

    To better understand these options, see Data encryption in AWS.

    For AWS-managed encryption, you can choose a different master key if more than one key is available in your account.

    If Cloud Manager was not set up for encryption, the Cloud Manager Admin must set it up. See Setting up ONTAP Cloud encryption.
  10. If you selected ONTAP Cloud encryption, select one to four key managers, select the certificate of the CA that signed the server certificate for each key manager, and then click Continue.

    The key manager CA certificate is for all selected key managers, which means the same certificate authority (CA) must have signed the server certificate for each key manager.
  11. On the ONTAP Cloud BYOL License page, specify whether you want to enter a license for this ONTAP Cloud system.

    To understand how licenses work, see Licensing.

  12. On the Preconfigured Packages page, select one of the packages to quickly launch an ONTAP Cloud system, or click Create my own configuration.

    If you choose one of the packages, you only need to specify a volume and then review and approve the configuration.

  13. On the IAM Role page, you should keep the default option to let Cloud Manager create the roles for you.

    If you prefer to use your own policy, it must meet policy requirements for ONTAP Cloud nodes.

  14. On the Licensing page, change the ONTAP Cloud version as needed, select a license, an instance type, the instance tenancy, and then click Continue.

    If your needs change after you launch the instances, you can modify the license or instance type later.

    If a newer Release Candidate, General Availability, or patch release is available for the selected version, then Cloud Manager updates the system to that version when creating the working environment. For example, the update occurs if you select ONTAP Cloud 9.3 RC1 and ONTAP Cloud 9.3 GA is available. The update does not occur from one release to another—for example, from 9.2 to 9.3.
  15. If the NetApp Support Site credentials page is displayed, enter your NetApp Support Site credentials.

    Credentials are required for BYOL instances. For details, see Why you should link a tenant to your NetApp Support Site account.

  16. On the Underlying storage resources page, choose a single storage type or data tiering.

    The underlying AWS disk type is for the initial volume. You can choose a different disk type for subsequent volumes. For help choosing a disk type, see Choosing an AWS disk type.

  17. On the Disk Size page, select the default disk size for all disks in the initial aggregate.

    For help choosing a size, see Choosing disk size.

  18. On the Write Speed page, choose Normal or High.

    For help choosing between the options, see Choosing a write speed.

  19. On the Create Volume page, enter details for the new volume, and then click Continue.

    You might skip this step if you want to create a volume for iSCSI. Cloud Manager sets up volumes for NFS and CIFS only.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Size

    The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.

    Access control (for NFS only)

    An export policy defines the clients in the subnet that can access the volume. By default, Cloud Manager enters a value that provides access to all instances in the subnet.

    Permissions and Users / Groups (for CIFS only)

    These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user’s domain using the format domain\username.

    Volume Protection

    A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.

    Usage Profile

    Usage profiles define the NetApp storage efficiency features that are enabled for a volume.
    Understanding volume usage profiles

    The following image shows the Volume page filled out for the CIFS protocol:

    Screen shot: Shows the Volume page filled out for a ONTAP Cloud instance.

  20. If you selected the CIFS protocol, set up a CIFS server on the ONTAP Cloud CIFS Setup page:

    Field Description

    DNS Primary and Secondary IP Address

    The IP addresses of the DNS servers that provide name resolution for the CIFS server.
    The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.

    Active Directory Domain to join

    The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.

    Credentials authorized to join the domain

    The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.

    CIFS server NetBIOS name

    A CIFS server name that is unique in the AD domain.

    Organizational Unit

    The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.

    DNS Domain

    The DNS domain for the ONTAP Cloud storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.

  21. On the Review & Approve page, review and confirm your selections:

    1. Review details about the configuration.

    2. Click More information to review details about support and the AWS resources that Cloud Manager will purchase.

    3. Select the I understand…​ check boxes.

    4. Click Go.

Result

Cloud Manager launches the ONTAP Cloud HA pair. You can track the progress in the timeline.

If you experience any issues launching the HA pair, review the failure message. You can also select the working environment and click Re-create environment.

For additional help, go to NetApp ONTAP Cloud Support.

After you finish
  • If you launched an ONTAP Cloud pay-as-you-go instance and the tenant is not linked to a NetApp Support Site account, manually register the instance with NetApp to enable support. For instructions, see Registering ONTAP Cloud instances.

    Support from NetApp is included with your ONTAP Cloud instance. To activate support, you must first register the instance with NetApp.

  • If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.

  • If you want to apply quotas to volumes, use System Manager or the CLI.

    Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.

  • If this is the first ONTAP Cloud instance launched in AWS, remind your administrator to finish setting up AWS billing and cost management for Cloud Manager by enabling the WorkingEnvironmentId tag. This tag is not available in AWS until after you create your first ONTAP Cloud working environment under the AWS payer account.