Getting Started with Cloud Volumes ONTAP in AWS: The Setup Walkthrough

NetApp Cloud Volumes ONTAP is a fully-fledged version of ONTAP running natively in Google Cloud, AWS, and Azure that provides a homogeneous solution to meet enterprise storage needs across hybrid cloud architectures.

Cloud Volumes ONTAP brings ONTAP software’s broad value set to the cloud, including:

As a key part of the NetApp Data Fabric, Cloud Volumes ONTAP enables enterprise customers meet various cloud requirements such as lift and shift data migrations, disaster recovery and backup, helping customers accelerate time to market and realize the true value of cloud within a short space of time.

NetApp Cloud Manager provides simplified, centralized, single-pane-of-glass management, monitoring and automation for the end-to-end hybrid and multicloud storage environments. From this centralized interface you can deploy and manage Cloud Volumes ONTAP and other NetApp cloud services.

This blog will walk you through the prerequisite considerations for setting up Cloud Volumes ONTAP on AWS from Cloud Manager.

Jump down below using these links to get started:

Key Design Considerations

This section highlights the key design considerations which need to be understood and addressed prior to a Cloud Volumes ONTAP deployment.

Detailed product overview documentation for both Cloud Manager and Cloud Volumes ONTAP can be found here: NetApp Cloud Manager and Cloud Volumes ONTAP overview.

AWS Marketplace Subscription

In order for Cloud Manager to deploy Cloud Volumes ONTAP, users must be subscribed to Cloud Volumes ONTAP within the AWS Marketplace. This step is only required once, in order to accept and confirm the AWS EULA terms.

Watch here a demonstration of these steps.

  1. Log in to the AWS management console via an internet browser.
  2. Visit the NetApp Cloud Volumes ONTAP solution on the AWS Marketplace (on the same browser sharing the same session credentials). Select “Cloud Volumes ONTAP for AWS” (exact name):

    Visit the NetApp Cloud Volumes ONTAP solution on the AWS Marketplace
  3. Click “Continue to subscribe” at the top:

Cloud Volumes ONTAP for AWS - Product Overview

4. Click "Accept Terms":

Accept Terms

5. Verify subscription confirmation and close the browser tab/window: 

Close the browser tab/window

DO NOT click the “continue to configuration” option as Cloud Volumes ONTAP should only be deployed via Cloud Manager and not directly on the AWS Marketplace. All that is required here is to ensure the marketplace subscription is in place so that Cloud Manager has all the prerequisites required to automatically deploy the Cloud Volumes ONTAP appliance as needed.

AWS Account and Permissions

When deploying Cloud Volumes ONTAP from NetApp Cloud Central, you need to use an AWS account that has sufficient permission within the AWS subscription to deploy the Cloud Manager instance.

In this section, we’ll show how to create an AWS account with the required IAM (Identity and Access Management) policy in order to prepare your AWS environment to deploy Cloud Volumes ONTAP.

  1. Go to the Cloud Manager policies for AWS & Azure page.
  2. Click the Connector deployment policy for AWS hyperlink

    Screen Shot 2021-12-01 at 12.44.41
  3. Copy the content of the JSON file that is required to create the IAM access policy on AWS:

    Screen Shot 2021-12-01 at 12.46.09
  4. Now go to the AWS management console and click on the “Services” menu at the top. Click on IAM under “Security, Identity & Compliance”:

Screen Shot 2021-12-01 at 12.47.25

5. Go to Policies and click “Create Policy”:

Screen Shot 2021-12-01 at 12.48.55

6. Click JSON and paste the content copied from the JSON file in step 4 above and click “Next: Tags.” (Ignore any policy validation warnings that appears):

Screen Shot 2021-12-01 at 12.49.44

7. Create any tags if necessary and then click “Next:Review”:

Screen Shot 2021-12-01 at 12.50.28

8. Provide a unique policy name (staying in line with any best practice naming conventions) and a description and click “Create policy”:

Screen Shot 2021-12-01 at 12.51.13

You now have an IAM access policy called “NetAppCloudCentral”.

9. Next, we will define a new user and attach the policy to the new user. Go to the “Users” menu option on the left-hand side and click “Add user”:

Screen Shot 2021-12-01 at 12.52.14

10. Add a new user and select the “Programmatic Access” check box. Click “Next: Permissions” when complete:

Screen Shot 2021-12-01 at 12.53.07

11. In the next window, select “Attach existing policies directly” and search for the policy created in Step 8 above and click “Next: Tags”:

Screen Shot 2021-12-01 at 12.53.53

12. Click “Next: Review” on the next screen.

Screen Shot 2021-12-01 at 12.54.43

13. Click “Create user” on the final screen:

Screen Shot 2021-12-01 at 12.55.27

14. In the next window, please make sure to note the “Access key ID” as well as the “Secret access key,” as these will be required for the initial deployment of Cloud Volumes ONTAP. Alternatively, you can download the credentials as a .csv file and store in a secure location:

Screen Shot 2021-12-01 at 12.56.07

Your AWS subscription is now prepared with the appropriate user account and associated access policy, and ready for Cloud Volumes ONTAP to be deployed.

NetApp Cloud Volumes ONTAP Deployment

Now that the prerequisites in AWS are completed, we can initialize the deployment steps for Cloud Volumes ONTAP.

Choose a Cloud Provider

  1. Log in to NetApp Cloud Central or sign up for a new account.
  2. In the Fabric View, click “Go to Cloud Manager” under Cloud Volumes ONTAP:

    Screen Shot 2021-12-01 at 12.57.48
  3. Select "AWS":

    Screen Shot 2021-12-01 at 12.59.24
  4. Select between Cloud Volumes ONTAP Single node or Cloud Volumes ONTAP High Availability for redundancy and click “Continue”:

Screen Shot 2021-12-01 at 13.00.19

Connect to Cloud Manager

  1. The next step is where your Service Connector will be created. A Service Connector is basically an instance that needs to be deployed in AWS that acts like an agent working to provide communication between Cloud Manager and Cloud Volumes ONTAP.

    The Connector only needs to be created once for a specific cloud environment. If you plan to launch other Cloud Volumes ONTAP nodes in the future, you can use this same Connector or create a new one in a separate AWS environment if needed. For more information about Service Connector please visit this link.

    Click on “Let's Start”:

Screen Shot 2021-12-01 at 13.01.33

2. Select AWS and click “Continue”:

Screen Shot 2021-12-01 at 13.02.10

3. On this screen you will see some of the requirements already mentioned as prerequisites which were covered in the previous section of this article. Click “Continue” to proceed:

Screen Shot 2021-12-01 at 13.03.47

4. Now you need to select the region where the Service Connector instance is going to be deployed and enter an existing AWS public and secret key pair (which is one of the prerequisites from the previous section). When you are done, click “Continue”:

Screen Shot 2021-12-01 at 13.04.31

5. In the Details screen, provide the Service Connector with a name and either create a new role or choose an existing one.

Cloud Manager creates a role for you with the necessary requirements. If you go for an existing role, make sure it meets this set of policies. Click on “Next” when you are done:

Screen Shot 2021-12-01 at 13.05.25

6. This will take you to the Network screen. In this screen you need to define the following: 

  • VPC where the instance will be deployed
  • Subnet
  • Key Pair (you must create a key pair if you don’t have one)
  • Enable or disable a public IP for access to the instance
  • Proxy configuration if needed

Screen Shot 2021-12-01 at 13.06.19

7. In this step you will create a new security group to be used by Cloud Manager or select an existing security group.

For the purpose of this article, we will create a new security group and set communication permission from anywhere to the Service Connector Instance. The Service Connector requires HTTP, HTTPS, and SSH inbound connections to be permitted as these are the protocols used by Cloud Manager. In a production deployment however, it is highly recommended to set strict access control to limit the network communication only to specific hosts that need it.

When you are done, click on “Next”:

Screen Shot 2021-12-01 at 13.07.08

8. In the Review screen, go through all the information previously entered and when ready click on Add:

Screen Shot 2021-12-01 at 13.07.47

The creation process takes around 7 minutes after which you will get the screen below:

Screen Shot 2021-12-01 at 13.08.25

Define Cloud Volumes ONTAP

1. Now that the Service Connector has been created, it's time to complete the Cloud Volumes ONTAP deployment. You will land back to the Cloud Volumes ONTAP creation screen where you need to choose your deployment model, either single node or HA:

Screen Shot 2021-12-01 at 13.09.402. In the Details and Credentials step you need to provide your ONTAP cluster with a name and the admin credentials that will be used to access the cluster.

Also, this is where you associate your AWS Cloud Volumes ONTAP Marketplace subscription (mentioned in the previous section of this article) to your Cloud Manager Account. We will cover this in the next step. Click on the “Edit Credentials” button at the upper right of the wizard:

Screen Shot 2021-12-01 at 13.10.23

3. In this thread, we'll show how to set up a Cloud Manager subscription in the AWS Marketplace.

In the Edit Credentials & Add Subscription pop-up screen click on “Add Subscription”:

Screen Shot 2021-12-01 at 13.12.22

3.1. Choose the payment model, then click “Continue” to proceed:

Screen Shot 2021-12-01 at 13.14.32

3.2. You will be taken to a separate AWS tab in order to confirm your Cloud Manager subscription. Click on “Continue to Subscribe”:

Screen Shot 2021-12-02 at 11.20.44

3.3. You'll now be taken to the AWS login screen. Provide your AWS credentials and log in:

Screen Shot 2021-12-02 at 11.23.07

3.4. After logging in you will land into the subscription page. When you get there, click on “Subscribe”:

Screen Shot 2021-12-02 at 11.24.17

3.5. In the pop-up box, click on “Set up your Account”:

Screen Shot 2021-12-02 at 11.25.10

3.6. This will redirect you back to the Cloud Manager. In the Subscription Assignment screen, click on “Save”:

Screen Shot 2021-12-02 at 11.25.55

4. In your browser, go back to your Cloud Manager deployment wizard tab where we last left it in step 2 above.

Click on “Edit Credentials” and when the same pop-up box appears, you should now see your subscription available in the “Subscription” tab. Select it and click on “Apply”:

Screen Shot 2021-12-02 at 11.26.44

5. Now we’re back to where we were in step 2 above, only now we have the AWS Marketplace Subscription confirmed, and we can continue.

If you haven’t done so already, add a name for the working environment and your credentials. Click “Continue” when you’re done:

Screen Shot 2021-12-02 at 11.27.32

6. In the Services step you can choose to add additional services such as Cloud Data Sense and Cloud Backup:

Screen Shot 2021-12-02 at 11.28.13

7. In the Location and Connectivity screen, you need to specify the following settings:

  • AWS Region where Cloud Volumes ONTAP will be deployed
  • VPC
  • Subnet within the VPC
  • Security Group: If you choose “Generated Security Group,” Cloud Manager creates the necessary inbound and outbound AWS rules for the proper functioning of Cloud Volumes ONTAP. If you select “Use Existing Security Group,” make sure it complies with the recommended settings listed here.
  • SSH Authentication method in case you connect via SSH with the ONTAP cluster.

When you are done, click on “Continue”:

Screen Shot 2021-12-02 at 11.29.08

8. In this next step you have the option to apply AWS encryption keys to the data stored in Cloud Volumes ONTAP. If you don't have an existing key in AWS KMS, the default AWS Master Key is going to be used.

Select an existing key or simply click on “Continue”:

Screen Shot 2021-12-02 at 11.30.00

9. Now you need to choose the Licensing model, either Pay As You Go or BYOL. You will also need to click the link to subscribe to the NetApp Support Site Account, which is mostly required for BYOL purchases.

For more information about NetApp Service Site Accounts, you can click on the “Learn more about NetApp Support Site (NSS) accounts” link. When you are done, click on “Continue”:

Screen Shot 2021-12-02 at 11.30.57

10. You are now presented with pre-configured Cloud Volumes ONTAP deployment options which offer pre-defined storage setups optimized for specific workloads. Select the option that best fits your needs, or go to the upper right option where it says “Change Configuration” to define your own setup:

Screen Shot 2021-12-02 at 11.31.37

Define a Volume

In the Create Volume step you are prompted to create your first volume within Cloud Volumes ONTAP.

  1. You need to provide the following details:
    • Volume name and size
    • Snapshot policy if any
    • Protocol to be used by the volume (CIFS, NFS or iSCSI)
    • Access Policy

Note that this step is optional and can be skipped if you don’t want to create a storage volume just yet.

If you are setting up a volume, enter all the preferred details and then click “Continue.” Click “Skip” if you’d rather not create a volume now.

Screen Shot 2021-12-02 at 11.33.04

2. Now you are presented with the option of including the storage efficiency features in your Cloud Volumes ONTAP setup (deduplication, compression, thin provisioning) for a more efficient management of your storage resources.

Once you are done, click “Continue:”

Screen Shot 2021-12-02 at 11.33.55

Approve and Complete

In this final screen you can review all the details you’ve entered up to this point and see the Networking and Storage options selected for your Cloud Volumes ONTAP instance in AWS.

  1. Go through the list to verify the details, tick the checkboxes, and then click on “Go” to proceed:

    Screen Shot 2021-12-02 at 11.34.32
  2. You will now get redirected to the canvas and you'll be able to see the Cloud Volumes ONTAP instance initializing. It might take around 20 minutes for the instance to get up and running:

    Screen Shot 2021-12-02 at 11.35.12
  3. Now the new Cloud Volumes ONTAP instance is ready:

    Screen Shot 2021-12-02 at 11.35.49

Conclusion

Now that you have Cloud Volumes ONTAP in AWS you can start enjoying all the enterprise class data management features natively on AWS.

New call-to-action

Cloud Solution Architect

-