Launching Cloud Volumes ONTAP in Azure
Contributors Download PDF of this page
You can launch a single node system or an HA pair in Azure by creating a Cloud Volumes ONTAP working environment in Cloud Manager.
You should have a Connector that is associated with your workspace.
You must be an Account Admin to create a Connector. When you create your first Cloud Volumes ONTAP working environment, Cloud Manager prompts you to create a Connector if you don’t have one yet.
You should have chose a configuration and obtained Azure networking information from your administrator. For details, see Planning your Cloud Volumes ONTAP configuration.
To deploy a BYOL system, you need the 20-digit serial number (license key) for each node.
When Cloud Manager creates a Cloud Volumes ONTAP system in Azure, it creates several Azure objects, such as a resource group, network interfaces, and storage accounts. You can review a summary of the resources at the end of the wizard.
Potential for Data Loss
Deploying Cloud Volumes ONTAP in an existing, shared resource group is not recommended due to the risk of data loss. While rollback is currently disabled by default when using the API to deploy into an existing resource group, deleting Cloud Volumes ONTAP will potentially delete other resources from that shared group.
The best practice is to use a new, dedicated resource group for Cloud Volumes ONTAP. This is the default and only recommended option when deploying Cloud Volumes ONTAP in Azure from Cloud Manager.
On the Working Environments page, click Add Working Environment and follow the prompts.
Choose a Location: Select Microsoft Azure and Cloud Volumes ONTAP Single Node or Cloud Volumes ONTAP High Availability.
Details and Credentials: Optionally change the Azure credentials and subscription, specify a cluster name and resource group name, add tags if needed, and then specify credentials.
The following table describes fields for which you might need guidance:
Working Environment Name
Cloud Manager uses the working environment name to name both the Cloud Volumes ONTAP system and the Azure virtual machine. It also uses the name as the prefix for the predefined security group, if you select that option.
Resource Group Name
Keep the default name for the new resource group or uncheck Use Default and enter your own name for the new resource group.
The best practice is to use a new, dedicated resource group for Cloud Volumes ONTAP. While it is possible to deploy Cloud Volumes ONTAP in an existing, shared resource group by using the API, it’s not recommended due to the risk of data loss. See the warning above for more details.
Tags are metadata for your Azure resources. When you enter tags in this field, Cloud Manager adds them to the resource group associated with the Cloud Volumes ONTAP system.
You can add up to four tags from the user interface when creating a working environment, and then you can add more after its created. Note that the API does not limit you to four tags when creating a working environment.
For information about tags, refer to Microsoft Azure Documentation: Using tags to organize your Azure resources.
User name and password
These are the credentials for the Cloud Volumes ONTAP cluster admin account. You can use these credentials to connect to Cloud Volumes ONTAP through OnCommand System Manager or its CLI.
You can choose different Azure credentials and a different Azure subscription to use with this Cloud Volumes ONTAP system. You need to associate an Azure Marketplace subscription with the selected Azure subscription in order to deploy a pay-as-you-go Cloud Volumes ONTAP system. Learn how to add credentials.
The following video shows how to associate a Marketplace subscription to an Azure subscription:
Services: Keep the services enabled or disable the individual services that you don’t want to use with Cloud Volumes ONTAP.
Location & Connectivity: Select a location and security group and select the checkbox to confirm network connectivity between Cloud Manager and the target location.
License and Support Site Account: Specify whether you want to use pay-as-you-go or BYOL, and then specify a NetApp Support Site account.
To understand how licenses work, see Licensing.
A NetApp Support Site Account is optional for pay-as-you-go, but required for BYOL systems. Learn how to add NetApp Support Site accounts.
Preconfigured Packages: Shelect one of the packages to quickly deploy a Cloud Volumes ONTAP system, or click Create my own configuration.
If you choose one of the packages, you only need to specify a volume and then review and approve the configuration.
Licensing: Change the Cloud Volumes ONTAP version as needed, select a license, and select a virtual machine type.
If your needs change after you launch the system, you can modify the license or virtual machine type later.
If a newer Release Candidate, General Availability, or patch release is available for the selected version, then Cloud Manager updates the system to that version when creating the working environment. For example, the update occurs if you select Cloud Volumes ONTAP 9.6 RC1 and 9.6 GA is available. The update does not occur from one release to another—for example, from 9.6 to 9.7.
Subscribe from the Azure Marketplace: Follow the steps if Cloud Manager could not enable programmatic deployments of Cloud Volumes ONTAP.
Underlying Storage Resources: Choose settings for the initial aggregate: a disk type, a size for each disk, and whether data tiering to Blob storage should be enabled.
Note the following:
The disk type is for the initial volume. You can choose a different disk type for subsequent volumes.
The disk size is for all disks in the initial aggregate and for any additional aggregates that Cloud Manager creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option.
For help choosing a disk type and size, see Sizing your system in Azure.
You can choose a specific volume tiering policy when you create or edit a volume.
If you disable data tiering, you can enable it on subsequent aggregates.
Write Speed & WORM (single node systems only): Choose Normal or High write speed, and activate write once, read many (WORM) storage, if desired.
WORM can’t be enabled if data tiering was enabled.
Secure Communication to Storage & WORM (HA only): Choose whether to enable an HTTPS connection to Azure storage accounts, and activate write once, read many (WORM) storage, if desired.
The HTTPS connection is from a Cloud Volumes ONTAP 9.7 HA pair to Azure storage accounts. Note that enabling this option can impact write performance. You can’t change the setting after you create the working environment.
Create Volume: Enter details for the new volume or click Skip.
Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:
The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.
Access control (for NFS only)
An export policy defines the clients in the subnet that can access the volume. By default, Cloud Manager enters a value that provides access to all instances in the subnet.
Permissions and Users / Groups (for CIFS only)
These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user’s domain using the format domain\username.
A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.
Advanced options (for NFS only)
Select an NFS version for the volume: either NFSv3 or NFSv4.
Initiator group and IQN (for iSCSI only)
iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices.
Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.
iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bust adapters (HBAs) and are identified by iSCSI qualified names (IQNs).
When you create an iSCSI volume, Cloud Manager automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.
The following image shows the Volume page filled out for the CIFS protocol:
CIFS Setup: If you chose the CIFS protocol, set up a CIFS server.
DNS Primary and Secondary IP Address
The IP addresses of the DNS servers that provide name resolution for the CIFS server.
The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.
Active Directory Domain to join
The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.
Credentials authorized to join the domain
The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.
CIFS server NetBIOS name
A CIFS server name that is unique in the AD domain.
The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.
To configure Azure AD Domain Services as the AD server for Cloud Volumes ONTAP, you should enter OU=AADDC Computers or OU=AADDC Users in this field.
Azure Documentation: Create an Organizational Unit (OU) in an Azure AD Domain Services managed domain
The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.
Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. See the Cloud Manager API Developer Guide for details.
Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and change the volume tiering policy, if needed.
Review & Approve: Review and confirm your selections.
Review details about the configuration.
Click More information to review details about support and the Azure resources that Cloud Manager will purchase.
Select the I understand… check boxes.
Cloud Manager deploys the Cloud Volumes ONTAP system. You can track the progress in the timeline.
If you experience any issues deploying the Cloud Volumes ONTAP system, review the failure message. You can also select the working environment and click Re-create environment.
For additional help, go to NetApp Cloud Volumes ONTAP Support.
If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.
If you want to apply quotas to volumes, use System Manager or the CLI.
Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.