Cloud Volumes ONTAP enables enterprise customers to meet various cloud requirements such as lift and shift data migrations, disaster recovery, and backup, helping customers accelerate time to market and realize the true value of cloud within a short space of time.
NetApp Cloud Manager provides simplified, centralized, single-pane-of-glass management, monitoring, and automation for the end-to-end hybrid and multi-cloud storage environments.
This guide will walk you through the prerequisite considerations and setting up Cloud Volumes ONTAP on AWS, including the Cloud Manager deployment steps required for you to successfully start deploying volumes
This section highlights the key design considerations which need to be understood and addressed prior to a Cloud Manager and a Cloud Volumes ONTAP deployment.
In order for Cloud Manager to deploy Cloud Volumes ONTAP, users must be subscribed to Cloud Volumes ONTAP within the AWS Marketplace. This step is only required once, in order to accept and confirm the AWS EULA terms.
Watch here a demonstration of these steps.
1. Log into the AWS management console via an internet browser.
2. Visit the NetApp Cloud Volumes ONTAP solution on the AWS Marketplace (on the same browser sharing the same session credentials). Selects "Cloud Volumes ONTAP for AWS" (exact name):
3. Click "Continue to subscribe" at the top:
4. Click "Accept Terms":
5. Verify subscription confirmation and close the browser tab/window:
DO NOT click the “continue to configuration” option as Cloud Volumes ONTAP should only be deployed via Cloud Manager and not directly on the AWS Marketplace. All that is required here is to ensure the marketplace subscription is in place so that Cloud Manager has all the prerequisites required to automatically deploy the Cloud Volumes ONTAP appliance as needed.
When deploying Cloud Manager from NetApp Cloud Central, you need to use an AWS account that has sufficient permission within the AWS subscription to deploy the Cloud Manager instance.
In this section, we’ll show how to create an AWS account with the required IAM (Identity and Access Management) policy in order to prepare your AWS environment to deploy Cloud Manager. Watch here a demonstration of these steps.
1. Go to the Cloud Manager policies for AWS & Azure page
2. Click “I’m deploying Cloud Manager from NetApp Cloud Central” link:
4. Copy the content of the JSON file that is required to create the IAM access policy on AWS:
5. Now go to the AWS management console and click on the "Services" menu at the top.
Click on IAM under "security, Identify & Compliance":
6. Go to Policies and click "Create Policy":
7. Click JSON and paste the content copied from the JSON file in step 4 above and click "Review policy." (Ignore any policy validation warnings that appears):
8. Provide a unique policy name (staying in line with any best practice naming conventions) and a description and click "Create policy":
You now have an IAM access policy called "NetAppCloudCentral".
9. Next we will define a new user and attach the policy to the new user. Go to the "Users" menu option on the left-hand side and click "Add user":
10. Add a new user and select the "Programmatic Access" check box. Click "Next: Permissions" when complete:
11. In the next window, select "Attach existing policies directly" and search for the policy created in Step 8 above and click "Next: Tags":
12. Click "Next: Review" on the next screen.
13. Click "Create user" on the final screen:
14. In the next window, please make sure to note the "Access key ID", as these will be required for the initial deployment of Cloud Manager. Alternatively, you can download the credentials as a .csv file and store in a secure location:
Your AWS subscription is now prepared with the appropriate user account and associated access policy, and ready for NetApp Cloud Manager to be deployed.
Now that the prerequisites in AWS are completed, we can initialize the deployment steps for Cloud Manager. Watch here a demonstration of these steps.
1. Log in to NetApp Cloud Central and select "Fabric View" at the top right corner of the screen..
2. In the Fabric View, click "Start Free Trial" under Cloud Volumes ONTAP.
3. Select "AWS":
4. Provide the AWS Access Key and AWS Secret Key that were recorded for the new user account (Step 14 of the "AWS Account & Permissions" section above) and click "Continue".
5. Now provide a name for the Cloud Manager instance, select the AWS region, VPC and subnet where the Cloud Manager instance needs to be deployed.
Note that while Cloud Manager can be deployed to any AWS region, if you plan to deploy and manage Cloud Volume ONTAP instances in other regions, network connectivity between the Cloud Manager and Cloud Volumes ONTAP VPCs is required. (As outlined within the “Key design considerations” section above). An example of such a case may be in a disaster recovery use case where the secondary copy is typically deployed in a separate region. Click “Continue” when complete:
6. Under the Network settings, select the appropriate key paid and click continue:
7. Now create a new security group to be used by Cloud Manager or select an existing security group. For the purpose of this article, we will create a new security group and set communication permission from anywhere to the Cloud Manager instance using this deployment wizard:
In a production deployment however, it is highly recommended to set strict access control to limit the network communication only to the specific Cloud Manager endpoints required for advanced security. If this security group was pre-created and already in place, it can be selected here instead of creating a new one.
Click “Go” once complete.
8. Cloud Manager deployment has now started. This may take around 30 minutes to complete:
9. Once the deployment is completed, you will be automatically directed to the Cloud Manager management UI where you can start provisioning Cloud Volume ONTAP instances and creating additional working environments:
10. If you go to the AWS management console and browse through instances, you will see that the Cloud Manager appliance has successfully been deployed:
11. If you navigate to EC2 > Network & Security > Security groups, you will also notice the new AWS Security Group created during the Cloud Manager deployment. This can be modified to amend the inbound and outbound rules to secure the network access as required (recommended if no security group permissions were set during the Cloud Manager deployment):
There are optional additional configuration items that can also be performed once the Cloud Manager appliance has been deployed. Please refer to the below documentation for if required:
Now that you have all the necessary prerequisites in place, you can go ahead with deploying Cloud Volumes ONTAP in AWS and enjoy all the enterprise class data management features natively on AWS.
