
Launching Cloud Volumes ONTAP in AWS

Contributors netapp-rlithman netapp-manini netapp-bcammett netapp-dbagwell netapp-driley

You can launch Cloud Volumes ONTAP in a single-system configuration or as an HA pair in AWS.

Before you get started

You need the following to create a working environment.

Launching a single-node Cloud Volumes ONTAP system in AWS

If you want to launch Cloud Volumes ONTAP in AWS, you need to create a new working environment in BlueXP.

About this task

Immediately after you create the working environment, BlueXP launches a test instance in the specified VPC to verify connectivity. If successful, BlueXP immediately terminates the instance and then starts deploying the Cloud Volumes ONTAP system. If BlueXP cannot verify connectivity, creation of the working environment fails. The test instance is either a t2.nano (for default VPC tenancy) or m3.medium (for dedicated VPC tenancy).

Steps
  1. From the left navigation menu, select Storage > Canvas.

  2. On the Canvas page, click Add Working Environment and follow the prompts.

  3. Choose a Location: Select Amazon Web Services and Cloud Volumes ONTAP Single Node.

  4. If you're prompted, create a Connector.

  5. Details and Credentials: Optionally change the AWS credentials and subscription, enter a working environment name, add tags if needed, and then enter a password.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Working Environment Name

    BlueXP uses the working environment name to name both the Cloud Volumes ONTAP system and the Amazon EC2 instance. It also uses the name as the prefix for the predefined security group, if you select that option.

    Add tags

    AWS tags are metadata for your AWS resources. BlueXP adds the tags to the Cloud Volumes ONTAP instance and each AWS resource associated with the instance.

    You can add up to four tags from the user interface when creating a working environment, and then you can add more after it's created. Note that the API does not limit you to four tags when creating a working environment.

    For information about tags, refer to AWS Documentation: Tagging your Amazon EC2 Resources.

    User name and password

    These are the credentials for the Cloud Volumes ONTAP cluster administrator account. You can use these credentials to connect to Cloud Volumes ONTAP through ONTAP System Manager or the ONTAP CLI. Keep the default admin user name or change it to a custom user name.

    Edit Credentials

    Choose the AWS credentials associated with the account where you want to deploy this system. You can also associate the AWS Marketplace subscription to use with this Cloud Volumes ONTAP system.

    Click Add Subscription to associate the selected credentials with a new AWS Marketplace subscription. The subscription can be for an annual contract or to pay for Cloud Volumes ONTAP at an hourly rate.

    Learn how to add additional AWS credentials to BlueXP.

    The following video shows how to associate a pay-as-you-go Marketplace subscription to your AWS credentials:

    Subscribe to BlueXP from the AWS Marketplace
    Tip If multiple IAM users work in the same AWS account, then each user needs to subscribe. After the first user subscribes, the AWS Marketplace informs subsequent users that they're already subscribed, as shown in the image below. While a subscription is in place for the AWS account, each IAM user needs to associate themselves with that subscription. If you see the message shown below, click the click here link to go to the BlueXP website and complete the process.
    A screenshot that shows the subscription page for BlueXP for Cloud Volumes ONTAP when the AWS account already has a subscription, but a particular IAM user might not.
  6. Services: Keep the services enabled or disable the individual services that you don't want to use with Cloud Volumes ONTAP.

  7. Location & Connectivity: Enter the network information that you recorded in the AWS worksheet.

    The following table describes fields for which you might need guidance:

    Field Description

    VPC

    If you have an AWS Outpost, you can deploy a single node Cloud Volumes ONTAP system in that Outpost by selecting the Outpost VPC. The experience is the same as any other VPC that resides in AWS.

    Generated security group

    If you let BlueXP generate the security group for you, you need to choose how you'll allow traffic:

    • If you choose Selected VPC only, the source for inbound traffic is the subnet range of the selected VPC and the subnet range of the VPC where the Connector resides. This is the recommended option.

    • If you choose All VPCs, the source for inbound traffic is the 0.0.0.0/0 IP range.

    Use existing security group

    If you use an existing firewall policy, ensure that it includes the required rules. Learn about firewall rules for Cloud Volumes ONTAP.

  8. Data Encryption: Choose no data encryption or AWS-managed encryption.

    For AWS-managed encryption, you can choose a different Customer Master Key (CMK) from your account or another AWS account.

    Tip You can't change the AWS data encryption method after you create a Cloud Volumes ONTAP system.
  9. Charging Methods and NSS Account: Specify which charging option you would like to use with this system, and then specify a NetApp Support Site account.

  10. Cloud Volumes ONTAP Configuration (annual AWS Marketplace contract only): Review the default configuration and click Continue or click Change Configuration to select your own configuration.

    If you keep the default configuration, then you only need to specify a volume and then review and approve the configuration.

  11. Preconfigured Packages: Select one of the packages to quickly launch Cloud Volumes ONTAP, or click Change Configuration to select your own configuration.

    If you choose one of the packages, then you only need to specify a volume and then review and approve the configuration.

  12. IAM Role: It's best to keep the default option to let BlueXP create the role for you.

    If you prefer to use your own policy, it must meet policy requirements for Cloud Volumes ONTAP nodes.

  13. Licensing: Change the Cloud Volumes ONTAP version as needed and select an instance type and the instance tenancy.

    Note If a newer Release Candidate, General Availability, or patch release is available for the selected version, then BlueXP updates the system to that version when creating the working environment. For example, the update occurs if you select Cloud Volumes ONTAP 9.13.1 and 9.13.1 P4 is available. The update does not occur from one release to another—for example, from 9.13 to 9.14.
  14. Underlying Storage Resources: Choose a disk type, configure the underlying storage, and choose whether to keep data tiering enabled.

    Note the following:

    • The disk type is for the initial volume (and aggregate). You can choose a different disk type for subsequent volumes (and aggregates).

    • If you choose a gp3 or io1 disk, BlueXP uses the Elastic Volumes feature in AWS to automatically increase the underlying storage disk capacity as needed. You can choose the initial capacity based on your storage needs and revise it after Cloud Volumes ONTAP is deployed. Learn more about support for Elastic Volumes in AWS.

    • If you choose a gp2 or st1 disk, you can select a disk size for all disks in the initial aggregate and for any additional aggregates that BlueXP creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option.

    • You can choose a specific volume tiering policy when you create or edit a volume.

    • If you disable data tiering, you can enable it on subsequent aggregates.

  15. Write Speed & WORM:

    1. Choose Normal or High write speed, if desired.

    2. Activate write once, read many (WORM) storage, if desired.

      WORM can't be enabled if data tiering was enabled for Cloud Volumes ONTAP versions 9.7 and below. Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering.

    3. If you activate WORM storage, select the retention period.

  16. Create Volume: Enter details for the new volume or click Skip.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Size

    The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.

    Access control (for NFS only)

    An export policy defines the clients in the subnet that can access the volume. By default, BlueXP enters a value that provides access to all instances in the subnet.

    Permissions and Users / Groups (for CIFS only)

    These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user's domain using the format domain\username.

    Snapshot Policy

    A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.

    Advanced options (for NFS only)

    Select an NFS version for the volume: either NFSv3 or NFSv4.

    Initiator group and IQN (for iSCSI only)

    iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices.

    Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.

    iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bus adapters (HBAs) and are identified by iSCSI qualified names (IQNs).

    When you create an iSCSI volume, BlueXP automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.

    The following image shows the Volume page filled out for the CIFS protocol:

    Screen shot: Shows the Volume page filled out for a Cloud Volumes ONTAP instance.

  17. CIFS Setup: If you chose the CIFS protocol, set up a CIFS server.

    Field Description

    DNS Primary and Secondary IP Address

    The IP addresses of the DNS servers that provide name resolution for the CIFS server.
    The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.

    Active Directory Domain to join

    The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.

    Credentials authorized to join the domain

    The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.

    CIFS server NetBIOS name

    A CIFS server name that is unique in the AD domain.

    Organizational Unit

    The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.
    If you configure AWS Managed Microsoft AD as the AD server for Cloud Volumes ONTAP, you should enter OU=Computers,OU=corp in this field.

    DNS Domain

    The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.

    NTP Server

    Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. Refer to the BlueXP automation docs for details.

    Note that you can configure an NTP server only when creating a CIFS server. It's not configurable after you create the CIFS server.

  18. Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and edit the volume tiering policy, if needed.

    For more information, refer to Understanding volume usage profiles and Data tiering overview.

  19. Review & Approve: Review and confirm your selections.

    1. Review details about the configuration.

    2. Click More information to review details about support and the AWS resources that BlueXP will purchase.

    3. Select the I understand… check boxes.

    4. Click Go.

Result

BlueXP launches the Cloud Volumes ONTAP instance. You can track the progress in the timeline.

If you experience any issues launching the Cloud Volumes ONTAP instance, review the failure message. You can also select the working environment and click Re-create environment.

For additional help, go to NetApp Cloud Volumes ONTAP Support.

After you finish
  • If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.

  • If you want to apply quotas to volumes, use ONTAP System Manager or the ONTAP CLI.

    Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.
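After deployment, you can confirm that the security group attached to the system matches the "Selected VPC only" behavior described in the Location & Connectivity step. The following is an added example, not NetApp code: it audits output in the shape of `aws ec2 describe-security-groups` and flags every inbound source that falls outside the CIDR ranges you expect (the Cloud Volumes ONTAP VPC and the Connector VPC). The group IDs, names, and CIDRs are constructed sample values.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs, names and CIDRs are made up for illustration.
SAMPLE_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "GroupName": "cvo1-selected-vpc",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "10.1.0.0/16"}],
      "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "10.1.2.0/24"}],
      "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0bbb2222", "GroupName": "cvo2-all-vpcs",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
      "IpRanges": [{"CidrIp": "192.168.5.0/24"}],
      "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}


def audit_ingress(groups_doc, allowed_cidrs):
    """Return one finding per inbound CIDR source not covered by allowed_cidrs.

    Sources that reference another security group (UserIdGroupPairs) are not
    CIDR based and are skipped here.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in groups_doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # Protocol "-1" means all traffic and carries no port range.
            if proto == "-1":
                ports = "all"
            else:
                ports = f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                covered = any(
                    net.version == a.version and net.subnet_of(a)
                    for a in allowed
                )
                if not covered:
                    findings.append({
                        "group_id": sg["GroupId"],
                        "group_name": sg.get("GroupName", ""),
                        "protocol": proto,
                        "ports": ports,
                        "source": src,
                        "world_open": str(net) in WORLD,
                    })
    return findings


if __name__ == "__main__":
    # Assumed ranges: Cloud Volumes ONTAP VPC and Connector VPC.
    for f in audit_ingress(SAMPLE_GROUPS, ["10.0.0.0/16", "10.1.0.0/16"]):
        label = "WORLD-OPEN" if f["world_open"] else "outside expected ranges"
        print(f"{f['group_id']} {f['protocol']}/{f['ports']} "
              f"from {f['source']}: {label}")
```

To run it against a real account, replace the sample with the parsed JSON from `aws ec2 describe-security-groups` and pass the CIDR ranges of your own VPCs.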

Launching a Cloud Volumes ONTAP HA pair in AWS

If you want to launch a Cloud Volumes ONTAP HA pair in AWS, you need to create an HA working environment in BlueXP.

Limitation

At this time, HA pairs are not supported with AWS Outposts.

About this task

Immediately after you create the working environment, BlueXP launches a test instance in the specified VPC to verify connectivity. If successful, BlueXP immediately terminates the instance and then starts deploying the Cloud Volumes ONTAP system. If BlueXP cannot verify connectivity, creation of the working environment fails. The test instance is either a t2.nano (for default VPC tenancy) or m3.medium (for dedicated VPC tenancy).

Steps
  1. From the left navigation menu, select Storage > Canvas.

  2. On the Canvas page, click Add Working Environment and follow the prompts.

  3. Choose a Location: Select Amazon Web Services and Cloud Volumes ONTAP HA.

    Some AWS Local Zones are available.

    Before you can use AWS Local Zones, you must enable Local Zones and create a subnet in the Local Zone in your AWS account. Follow the Opt in to an AWS Local Zone and Extend your Amazon VPC to the Local Zone steps in the AWS tutorial "Get Started Deploying Low Latency Applications with AWS Local Zones."

    If you are running a Connector version 3.9.36 or below, you need to add the following permission to the AWS Connector role in the AWS EC2 console: DescribeAvailabilityZones.

  4. Details and Credentials: Optionally change the AWS credentials and subscription, enter a working environment name, add tags if needed, and then enter a password.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Working Environment Name

    BlueXP uses the working environment name to name both the Cloud Volumes ONTAP system and the Amazon EC2 instance. It also uses the name as the prefix for the predefined security group, if you select that option.

    Add tags

    AWS tags are metadata for your AWS resources. BlueXP adds the tags to the Cloud Volumes ONTAP instance and each AWS resource associated with the instance.

    You can add up to four tags from the user interface when creating a working environment, and then you can add more after it's created. Note that the API does not limit you to four tags when creating a working environment.

    For information about tags, refer to AWS Documentation: Tagging your Amazon EC2 Resources.

    User name and password

    These are the credentials for the Cloud Volumes ONTAP cluster administrator account. You can use these credentials to connect to Cloud Volumes ONTAP through ONTAP System Manager or the ONTAP CLI. Keep the default admin user name or change it to a custom user name.

    Edit Credentials

    Choose the AWS credentials and marketplace subscription to use with this Cloud Volumes ONTAP system.

    Click Add Subscription to associate the selected credentials with a new AWS Marketplace subscription. The subscription can be for an annual contract or to pay for Cloud Volumes ONTAP at an hourly rate.

    If you purchased a license directly from NetApp (bring your own license (BYOL)), then an AWS subscription isn't required.

    Learn how to add additional AWS credentials to BlueXP.

    The following video shows how to associate a pay-as-you-go Marketplace subscription to your AWS credentials:

    Subscribe to BlueXP from the AWS Marketplace
    Tip If multiple IAM users work in the same AWS account, then each user needs to subscribe. After the first user subscribes, the AWS Marketplace informs subsequent users that they're already subscribed, as shown in the image below. While a subscription is in place for the AWS account, each IAM user needs to associate themselves with that subscription. If you see the message shown below, click the click here link to go to the BlueXP website and complete the process.
    A screenshot that shows the subscription page for BlueXP for Cloud Volumes ONTAP when the AWS account already has a subscription
  5. Services: Keep the services enabled or disable the individual services that you don't want to use with this Cloud Volumes ONTAP system.

  6. HA Deployment Models: Choose an HA configuration.

    For an overview of the deployment models, refer to Cloud Volumes ONTAP HA for AWS.

  7. Location and Connectivity (single AZ) or Region & VPC (multiple AZs): Enter the network information that you recorded in the AWS worksheet.

    The following table describes fields for which you might need guidance:

    Field Description

    Generated security group

    If you let BlueXP generate the security group for you, you need to choose how you'll allow traffic:

    • If you choose Selected VPC only, the source for inbound traffic is the subnet range of the selected VPC and the subnet range of the VPC where the Connector resides. This is the recommended option.

    • If you choose All VPCs, the source for inbound traffic is the 0.0.0.0/0 IP range.

    Use existing security group

    If you use an existing firewall policy, ensure that it includes the required rules. Learn about firewall rules for Cloud Volumes ONTAP.

  8. Connectivity and SSH Authentication: Choose connection methods for the HA pair and the mediator.

  9. Floating IPs: If you chose multiple AZs, specify the floating IP addresses.

    The IP addresses must be outside of the CIDR block for all VPCs in the region. For additional details, refer to AWS networking requirements for Cloud Volumes ONTAP HA in multiple AZs.

  10. Route Tables: If you chose multiple AZs, select the route tables that should include routes to the floating IP addresses.

    If you have more than one route table, it is very important to select the correct route tables. Otherwise, some clients might not have access to the Cloud Volumes ONTAP HA pair. For more information about route tables, refer to the AWS Documentation: Route Tables.

  11. Data Encryption: Choose no data encryption or AWS-managed encryption.

    For AWS-managed encryption, you can choose a different Customer Master Key (CMK) from your account or another AWS account.

    Tip You can't change the AWS data encryption method after you create a Cloud Volumes ONTAP system.
  12. Charging Methods and NSS Account: Specify which charging option you would like to use with this system, and then specify a NetApp Support Site account.

  13. Cloud Volumes ONTAP Configuration (annual AWS Marketplace contract only): Review the default configuration and click Continue or click Change Configuration to select your own configuration.

    If you keep the default configuration, then you only need to specify a volume and then review and approve the configuration.

  14. Preconfigured Packages (hourly or BYOL only): Select one of the packages to quickly launch Cloud Volumes ONTAP, or click Change Configuration to select your own configuration.

    If you choose one of the packages, then you only need to specify a volume and then review and approve the configuration.

  15. IAM Role: It's best to keep the default option to let BlueXP create the role for you.

    If you prefer to use your own policy, it must meet policy requirements for Cloud Volumes ONTAP nodes and the HA mediator.

  16. Licensing: Change the Cloud Volumes ONTAP version as needed and select an instance type and the instance tenancy.

    Note If a newer Release Candidate, General Availability, or patch release is available for the selected version, then BlueXP updates the system to that version when creating the working environment. For example, the update occurs if you select Cloud Volumes ONTAP 9.13.1 and 9.13.1 P4 is available. The update does not occur from one release to another—for example, from 9.13 to 9.14.
  17. Underlying Storage Resources: Choose a disk type, configure the underlying storage, and choose whether to keep data tiering enabled.

    Note the following:

    • The disk type is for the initial volume (and aggregate). You can choose a different disk type for subsequent volumes (and aggregates).

    • If you choose a gp3 or io1 disk, BlueXP uses the Elastic Volumes feature in AWS to automatically increase the underlying storage disk capacity as needed. You can choose the initial capacity based on your storage needs and revise it after Cloud Volumes ONTAP is deployed. Learn more about support for Elastic Volumes in AWS.

    • If you choose a gp2 or st1 disk, you can select a disk size for all disks in the initial aggregate and for any additional aggregates that BlueXP creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option.

    • You can choose a specific volume tiering policy when you create or edit a volume.

    • If you disable data tiering, you can enable it on subsequent aggregates.

  18. Write Speed & WORM:

    1. Choose Normal or High write speed, if desired.

    2. Activate write once, read many (WORM) storage, if desired.

      WORM can't be enabled if data tiering was enabled for Cloud Volumes ONTAP versions 9.7 and below. Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering.

    3. If you activate WORM storage, select the retention period.

  19. Create Volume: Enter details for the new volume or click Skip.

    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:

    Field Description

    Size

    The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.

    Access control (for NFS only)

    An export policy defines the clients in the subnet that can access the volume. By default, BlueXP enters a value that provides access to all instances in the subnet.

    Permissions and Users / Groups (for CIFS only)

    These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user's domain using the format domain\username.

    Snapshot Policy

    A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.

    Advanced options (for NFS only)

    Select an NFS version for the volume: either NFSv3 or NFSv4.

    Initiator group and IQN (for iSCSI only)

    iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices.

    Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.

    iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bus adapters (HBAs) and are identified by iSCSI qualified names (IQNs).

    When you create an iSCSI volume, BlueXP automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.

    The following image shows the Volume page filled out for the CIFS protocol:

    Screen shot: Shows the Volume page filled out for a Cloud Volumes ONTAP instance.

  20. CIFS Setup: If you selected the CIFS protocol, set up a CIFS server.

    Field Description

    DNS Primary and Secondary IP Address

    The IP addresses of the DNS servers that provide name resolution for the CIFS server.
    The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.

    Active Directory Domain to join

    The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.

    Credentials authorized to join the domain

    The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.

    CIFS server NetBIOS name

    A CIFS server name that is unique in the AD domain.

    Organizational Unit

    The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.
    If you configure AWS Managed Microsoft AD as the AD server for Cloud Volumes ONTAP, you should enter OU=Computers,OU=corp in this field.

    DNS Domain

    The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.

    NTP Server

    Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. Refer to the BlueXP automation docs for details.

    Note that you can configure an NTP server only when creating a CIFS server. It's not configurable after you create the CIFS server.

  21. Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and edit the volume tiering policy, if needed.

    For more information, refer to Choose a volume usage profile and Data tiering overview.

  22. Review & Approve: Review and confirm your selections.

    1. Review details about the configuration.

    2. Click More information to review details about support and the AWS resources that BlueXP will purchase.

    3. Select the I understand… check boxes.

    4. Click Go.

Result

BlueXP launches the Cloud Volumes ONTAP HA pair. You can track the progress in the timeline.

If you experience any issues launching the HA pair, review the failure message. You can also select the working environment and click Re-create environment.

For additional help, go to NetApp Cloud Volumes ONTAP Support.

After you finish
  • If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.

  • If you want to apply quotas to volumes, use ONTAP System Manager or the ONTAP CLI.

    Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.
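The Floating IPs step for multiple AZs requires addresses that are outside of the CIDR block for all VPCs in the region. The following is an added example, not NetApp code: it checks candidate floating IP addresses against output in the shape of `aws ec2 describe-vpcs`, including secondary CIDR blocks associated with a VPC, and also reports duplicate addresses. The VPC IDs, CIDRs, and candidate addresses are constructed sample values.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-vpcs` output for one
# region. VPC IDs and CIDR blocks are made up for illustration.
SAMPLE_VPCS = json.loads("""
{"Vpcs": [
  {"VpcId": "vpc-0aaa1111", "CidrBlock": "10.0.0.0/16",
   "CidrBlockAssociationSet": [
     {"CidrBlock": "10.0.0.0/16", "CidrBlockState": {"State": "associated"}},
     {"CidrBlock": "100.64.0.0/20", "CidrBlockState": {"State": "associated"}}]},
  {"VpcId": "vpc-0bbb2222", "CidrBlock": "172.31.0.0/16",
   "CidrBlockAssociationSet": [
     {"CidrBlock": "172.31.0.0/16", "CidrBlockState": {"State": "associated"}}]}
]}
""")


def vpc_cidrs(vpcs_doc):
    """Return (vpc_id, network) for the primary and every associated CIDR."""
    out = []
    for vpc in vpcs_doc.get("Vpcs", []):
        blocks = {vpc["CidrBlock"]}
        # A VPC can carry secondary CIDR blocks; a floating IP must avoid
        # those as well as the primary block.
        for assoc in vpc.get("CidrBlockAssociationSet", []):
            if assoc.get("CidrBlockState", {}).get("State") == "associated":
                blocks.add(assoc["CidrBlock"])
        for block in sorted(blocks):
            out.append((vpc["VpcId"], ipaddress.ip_network(block)))
    return out


def check_floating_ips(floating_ips, vpcs_doc):
    """Map each problematic address to the list of reasons it is unusable."""
    cidrs = vpc_cidrs(vpcs_doc)
    problems = {}
    seen = set()
    for raw in floating_ips:
        ip = ipaddress.ip_address(raw)
        reasons = [f"inside {vpc_id} {net}" for vpc_id, net in cidrs if ip in net]
        if ip in seen:
            reasons.append("duplicate address")
        seen.add(ip)
        if reasons:
            problems.setdefault(raw, []).extend(reasons)
    return problems


if __name__ == "__main__":
    # Constructed candidate addresses.
    candidates = ["192.168.209.27", "100.64.3.10", "10.0.5.5", "192.168.209.27"]
    for addr, why in check_floating_ips(candidates, SAMPLE_VPCS).items():
        print(f"{addr}: {', '.join(why)}")
```

An empty result means every candidate address is outside all VPC CIDR blocks in the supplied output; run the check once per region with that region's `describe-vpcs` output.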