Azure networking requirements

You must set up your Azure networking so that Cloud Manager can deploy ONTAP Cloud systems and so those systems can operate properly.

Outbound internet access

Outbound internet access is required to enable communication between Cloud Manager and Azure services, to access software images in Amazon S3, and to enable technical support from NetApp. You must ensure that network security groups assigned to the VNet or subnets do not block outbound internet access.

Note the following:
  • If you have a proxy, you must configure Cloud Manager to use it. You can do so when using the Cloud Manager Setup wizard.
  • For VPN configurations, routing and firewall policies must allow Azure HTTP/HTTPS traffic to support.netapp.com so ONTAP Cloud can send AutoSupport messages.

Security groups

You do not need to create security groups because Cloud Manager does that for you.

Security group rules

Connection between Cloud Manager and ONTAP Cloud subnets

Cloud Manager requires a connection to the subnets in which you deploy ONTAP Cloud systems.

If Cloud Manager is not installed in the target VNet, it must have network connectivity to that VNet. For example, if you install Cloud Manager in AWS or in your corporate network, you must set up a VPN connection to the VNet in which you deploy ONTAP Cloud systems.

Connections to ONTAP systems in other networks

To replicate data between an ONTAP Cloud system in Azure and ONTAP systems in other networks, you must have a VPN connection between the Azure VNet and the other network—for example, an AWS VPC or your corporate network.

Connection to the Cloud Manager web console

Users must access Cloud Manager from a web browser. If you deploy Cloud Manager in Azure, the easiest way to provide access is by allocating a public IP address. However, if you want to use a private IP address instead, users can access the console through either of the following:
  • A jump host in the VNet that has a connection to Cloud Manager
  • A host in your network that has a VPN connection to the private IP address