Astra Control Center requirements

Contributors netapp-mwallis netapp-dbagwell amgrissino

Operational environment requirements

Astra Control Center has been validated on the following types of operational environments:

  • Cisco IKS with Kubernetes 1.22

  • Google Anthos 1.11 or 1.12 (See Google Anthos cluster requirements)

  • Rancher Kubernetes Engine (RKE):

    • RKE 1.3.12 with Rancher 2.6.5 and 2.6.6

    • RKE 1.3.13 with Rancher 2.6.8

    • RKE 2 (v1.23.6+rke2r1) with Rancher 2.6.5 and 2.6.6

    • RKE 2 (v1.24.x) with Rancher 2.6.8

  • Red Hat OpenShift Container Platform 4.8 through 4.11

  • Upstream Kubernetes 1.23 to 1.25 (Astra Trident 22.10 or newer required for Kubernetes 1.25)

  • VMware Tanzu Kubernetes Grid: (See VMware Tanzu Kubernetes Grid cluster requirements)

    • VMware Tanzu Kubernetes Grid 1.5

    • VMware Tanzu Kubernetes Grid Integrated Edition 1.13 and 1.14

Ensure that the operating environment you choose to host Astra Control Center meets the basic resource requirements outlined in the environment’s official documentation. Astra Control Center requires the following resources in addition to the environment’s resource requirements:

Component Requirement

CPU extensions

The CPUs in all nodes of the hosting environment must have AVX extensions enabled.

Storage backend capacity

At least 500GB available

Worker nodes

At least 3 worker nodes total, with 4 CPU cores and 12GB RAM each

FQDN address

An FQDN address for Astra Control Center

Astra Trident

Astra Trident 22.01 or newer installed and configured
Astra Trident 22.07 or newer installed for SnapMirror-based application replication
Astra Trident 22.10 or newer installed for Kubernetes 1.25 clusters (you must upgrade to Astra Trident 22.10 prior to upgrading to Kubernetes 1.25)

Note These requirements assume that Astra Control Center is the only application running in the operational environment. If the environment is running additional applications, adjust these minimum requirements accordingly.
  • Image registry: You must have an existing private Docker image registry to which you can push Astra Control Center build images. You need to provide the URL of the image registry where you will upload the images.

  • Astra Trident / ONTAP configuration: Astra Control Center requires that a storage class be created and set as the default storage class. Astra Control Center supports the following ONTAP drivers provided by Astra Trident:

    • ontap-nas

    • ontap-nas-flexgroup

    • ontap-san

    • ontap-san-economy (not supported for app replication)

Supported storage backends

Astra Control Center supports the following storage backends.

  • NetApp ONTAP 9.5 or newer AFF and FAS systems

  • NetApp ONTAP 9.8 or newer AFF and FAS systems for SnapMirror-based application replication

  • NetApp Cloud Volumes ONTAP

To use Astra Control Center, verify that you have the following ONTAP licenses, depending on what you need to accomplish:

  • FlexClone

  • SnapMirror: Optional. Needed only for replication to remote systems using SnapMirror technology. Refer to SnapMirror license information.

  • S3 license: Optional. Needed only for ONTAP S3 buckets

To check whether your ONTAP system has the required licenses, refer to Manage ONTAP licenses.

Access to the internet

You should determine whether you have outside access to the internet. If you do not, some functionality might be limited, such as receiving monitoring and metrics data from NetApp Cloud Insights, or sending support bundles to the NetApp Support Site.


Astra Control Center requires an Astra Control Center license for full functionality. Obtain an evaluation license or full license from NetApp. You need a license to protect your applications and data. Refer to Astra Control Center features for details.

You can try Astra Control Center with an evaluation license, which lets you use Astra Control Center for 90 days from the date you download the license. You can sign up for a free trial by registering here.

To set up the license, refer to use a 90-day evaluation license.

To learn more about how licenses work, see Licensing.

For details about licenses needed for ONTAP storage backends, refer to Supported storage backends.

Ingress for on-premises Kubernetes clusters

You can choose the type of network ingress Astra Control Center uses. By default, Astra Control Center deploys the Astra Control Center gateway (service/traefik) as a cluster-wide resource. Astra Control Center also supports using a service load balancer, if they are permitted in your environment. If you would rather use a service load balancer and you don’t already have one configured, you can use the MetalLB load balancer to automatically assign an external IP address to the service. In the internal DNS server configuration, you should point the chosen DNS name for Astra Control Center to the load-balanced IP address.

Note The load balancer should use an IP address located in the same subnet as the Astra Control Center worker node IP addresses.
Note If you are hosting Astra Control Center on a Tanzu Kubernetes Grid cluster, use the kubectl get nsxlbmonitors -A command to see if you already have a service monitor configured to accept ingress traffic. If one exists, you should not install MetalLB, because the existing service monitor will override any new load balancer configuration.

For more information, see Set up ingress for load balancing.

Networking requirements

The operational environment that hosts Astra Control Center communicates using the following TCP ports. You should ensure that these ports are allowed through any firewalls, and configure firewalls to allow any HTTPS egress traffic originating from the Astra network. Some ports require connectivity both ways between the environment hosting Astra Control Center and each managed cluster (noted where applicable).

Note You can deploy Astra Control Center in a dual-stack Kubernetes cluster, and Astra Control Center can manage applications and storage backends that have been configured for dual-stack operation. For more information about dual-stack cluster requirements, see the Kubernetes documentation.
Source Destination Port Protocol Purpose

Client PC

Astra Control Center



UI / API access - Ensure this port is open both ways between the cluster hosting Astra Control Center and each managed cluster

Metrics consumer

Astra Control Center worker node



Metrics data communication - ensure each managed cluster can access this port on the cluster hosting Astra Control Center (two-way communication required)

Astra Control Center

Hosted Cloud Insights service (



Cloud Insights communication

Astra Control Center

Amazon S3 storage bucket provider



Amazon S3 storage communication

Astra Control Center

NetApp AutoSupport (



NetApp AutoSupport communication

Supported web browsers

Astra Control Center supports recent versions of Firefox, Safari, and Chrome with a minimum resolution of 1280 x 720.

Additional requirements for application clusters

Keep in mind these requirements if you plan to use these Astra Control Center features:

Google Anthos cluster requirements

When hosting Astra Control Center on a Google Anthos cluster, note that Google Anthos includes the MetalLB load balancer and the Istio ingress gateway service by default, enabling you to simply use the generic ingress capabilities of Astra Control Center during installation. See Configure Astra Control Center for details.

VMware Tanzu Kubernetes Grid cluster requirements

When hosting Astra Control Center on a VMware Tanzu Kubernetes Grid (TKG) or Tanzu Kubernetes Grid Integrated Edition (TKGi) cluster, keep in mind the following considerations.

  • Disable the TKG or TKGi default storage class enforcement on any application clusters intended to be managed by Astra Control. You can do this by editing the TanzuKubernetesCluster resource on the namespace cluster.

  • Be aware of specific requirements for Astra Trident when you deploy Astra Control Center in a TKG or TKGi environment. For more information, see the Astra Trident documentation.

Note The default VMware TKG and TKGi configuration file token expires ten hours after deployment. If you use Tanzu portfolio products, you must generate a Tanzu Kubernetes Cluster configuration file with a non-expiring token to prevent connection issues between Astra Control Center and managed application clusters. For instructions, visit the VMware NSX-T Data Center Product Documentation.

What’s next

View the quick start overview.