Skip to main content

Prepare to use AutoSupport

Contributors dmp-netapp netapp-dbagwell netapp-aaron-holt netapp-ahibbard netapp-aherbin
PDFs

You can configure an ONTAP cluster to deliver AutoSupport messages to NetApp. As part of this, you can also send a copy of the messages to local email addresses, typically within your organization. You should prepare to configure AutoSupport by reviewing the available options.

Deliver AutoSupport messages to NetApp

AutoSupport messages can be delivered to NetApp using either HTTPS or SMTP protocols. Beginning with ONTAP 9.15.1, you can also use TLS with SMTP.

Tip Use HTTPS whenever possible for communication with AutoSupport OnDemand and uploads of large files.

Also note the following:

  • Only one delivery channel to NetApp can be configured for the AutoSupport messages. You cannot use two protocols to deliver AutoSupport messages to NetApp.

  • AutoSupport limits the maximum file size for each protocol. If the size of an AutoSupport message exceeds the configured limit, AutoSupport delivers as much of the message as possible but truncation will occur.

  • You can change the maximum file size if needed. Learn more about the system node autosupport modify command in the ONTAP command reference.

  • Both protocols can be transported over IPv4 or IPv6 based on the address family to which the name resolves.

  • The TCP connection established by ONTAP to send AutoSupport messages is temporary and short-lived.

HTTPS

This provides the most robust features. Note the following:

  • AutoSupport OnDemand and the transfer of large files are supported.

  • An HTTPS PUT request is attempted first. If the request fails during transmission, the request restarts where it stopped.

  • If the server does not support PUT, the HTTPS POST method is used instead.

  • The default limit for HTTPS transfers is 50 MB.

  • The HTTPS protocol uses port 443.

SMTP

As a general rule, you should use SMTP only if HTTPS is not allowed or is unsupported. Note the following:

  • AutoSupport OnDemand and transfers of large files are not supported.

  • If SMTP sign-in credentials are configured, they are sent unencrypted and in the clear.

  • The default limit for transfers is 5 MB.

  • The unsecured SMTP protocol uses port 25.

Improve SMTP security with TLS

When using SMTP, all traffic is unencrypted and can be easily intercepted and read. Beginning with ONTAP 9.15.1 you can also use TLS with SMTP (SMTPS). In this case, explicit TLS is used which activates the secure channel after the TCP connection is established.

The following port is typically used for SMTPS: Port 587

Additional configuration considerations

There are a few additional considerations when configuring AutoSupport.

For more information about the commands relevant to these considerations, refer to Set up AutoSupport.

Send a local copy using email

Regardless of the protocol used to deliver AutoSupport messages to NetApp, you can also send a copy of each message to one or more local email addresses. For example, you might send messages to your internal support organization or a partner organization.

Note If you deliver messages to NetApp using SMTP (or SMTPS) and you also send local email copies of those messages, the same email server configuration is used.

HTTP proxy

Depending on your network configuration, the HTTPS protocol might require additional configuration of a proxy URL. If HTTPS is used to send AutoSupport messages to technical support and you have a proxy, you must identify the URL for the proxy. If the proxy uses a port other than the default (port 3128), you can specify the port for that proxy. You can also optionally specify a user name and password for proxy authentication.

Install the server certificate

With TLS (HTTPS or SMTPS), the certificate downloaded from the server is validated by ONTAP based on the root CA certificate. Before using HTTPS or SMTPS, you need to make sure the root certificate is installed in ONTAP and that ONTAP can validate the server certificate. This validation is performed based on the CA that signed the server certificate.

ONTAP includes a large number of pre-installed root CA certificates. In many cases, the certificate for your server will be immediately recognized by ONTAP without additional configuration. Depending on how the server certificate was signed, you might need to install a root CA certificate and any intermediate certificates.

Use the following procedure to install the certificate, if needed. You should install all required certificates at the cluster level.

System Manager

  1. In System Manager, select Cluster > Settings.

  2. Scroll down to the Security section.

  3. Select Arrow icon next to Certificates.

  4. Under the Trusted certificate authorities tab click Add.

  5. Click Import and select the certificate file.

  6. Complete the configuration parameters for your environment.

  7. Click Add.

Related information