Release notes
Prepare to use AutoSupport
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
You can configure an ONTAP cluster to deliver AutoSupport messages to NetApp. As part of this, you can also send a copy of the messages to local email addresses, typically within your organization. You should prepare to configure AutoSupport by reviewing the available options.
Deliver AutoSupport messages to NetApp
AutoSupport messages can be delivered to NetApp using either HTTPS or SMTP protocols. Beginning with ONTAP 9.15.1, you can also use TLS with SMTP.
|
Use HTTPS whenever possible for communication with AutoSupport OnDemand and uploads of large files. |
Also note the following:
-
Only one delivery channel to NetApp can be configured for the AutoSupport messages. You cannot use two protocols to deliver AutoSupport messages to NetApp.
-
AutoSupport limits the maximum file size for each protocol. If the size of an AutoSupport message exceeds the configured limit, AutoSupport delivers as much of the message as possible but truncation will occur.
-
You can change the maximum file size if needed. Learn more about the
system node autosupport modifycommand in the ONTAP command reference. -
Both protocols can be transported over IPv4 or IPv6 based on the address family to which the name resolves.
-
The TCP connection established by ONTAP to send AutoSupport messages is temporary and short-lived.
HTTPS
This provides the most robust features. Note the following:
-
AutoSupport OnDemand and the transfer of large files are supported.
-
An HTTPS PUT request is attempted first. If the request fails during transmission, the request restarts where it stopped.
-
If the server does not support PUT, the HTTPS POST method is used instead.
-
The default limit for HTTPS transfers is 50 MB.
-
The HTTPS protocol uses port 443.
SMTP
As a general rule, you should use SMTP only if HTTPS is not allowed or is unsupported. Note the following:
-
AutoSupport OnDemand and transfers of large files are not supported.
-
If SMTP sign-in credentials are configured, they are sent unencrypted and in the clear.
-
The default limit for transfers is 5 MB.
-
The unsecured SMTP protocol uses port 25.
When using SMTP, all traffic is unencrypted and can be easily intercepted and read. Beginning with ONTAP 9.15.1 you can also use TLS with SMTP (SMTPS). In this case, explicit TLS is used which activates the secure channel after the TCP connection is established.
The following port is typically used for SMTPS: Port 587
Additional configuration considerations
There are a few additional considerations when configuring AutoSupport.
For more information about the commands relevant to these considerations, refer to Set up AutoSupport.
Send a local copy using email
Regardless of the protocol used to deliver AutoSupport messages to NetApp, you can also send a copy of each message to one or more local email addresses. For example, you might send messages to your internal support organization or a partner organization.
|
If you deliver messages to NetApp using SMTP (or SMTPS) and you also send local email copies of those messages, the same email server configuration is used. |
HTTP proxy
Depending on your network configuration, the HTTPS protocol might require additional configuration of a proxy URL. If HTTPS is used to send AutoSupport messages to technical support and you have a proxy, you must identify the URL for the proxy. If the proxy uses a port other than the default (port 3128), you can specify the port for that proxy. You can also optionally specify a user name and password for proxy authentication.
Install the server certificate
With TLS (HTTPS or SMTPS), the certificate downloaded from the server is validated by ONTAP based on the root CA certificate. Before using HTTPS or SMTPS, you need to make sure the root certificate is installed in ONTAP and that ONTAP can validate the server certificate. This validation is performed based on the CA that signed the server certificate.
ONTAP includes a large number of pre-installed root CA certificates. In many cases, the certificate for your server will be immediately recognized by ONTAP without additional configuration. Depending on how the server certificate was signed, you might need to install a root CA certificate and any intermediate certificates.
Use the following procedure to install the certificate, if needed. You should install all required certificates at the cluster level.
-
In System Manager, select Cluster > Settings.
-
Scroll down to the Security section.
-
Select
next to Certificates. -
Under the Trusted certificate authorities tab click Add.
-
Click Import and select the certificate file.
-
Complete the configuration parameters for your environment.
-
Click Add.
-
Begin the installation:
security certificate install -type server-caCli -
Look for the following console message:
Please enter Certificate: Press <Enter> when done
-
Open the certificate file with a text editor.
-
Copy the entire certificate including the following lines:
-----BEGIN CERTIFICATE----- <certificate_value> -----END CERTIFICATE-----
-
Paste the certificate into the terminal after the command prompt.
-
Press Enter to complete the installation.
-
Confirm the certificate is installed by running one of the following commands:
security certificate show-user-installedClisecurity certificate showCli
