Getting started checklist

Contributors netapp-bcammett

Use this checklist to understand what’s needed to get up and running with Cloud Manager in a typical deployment where the Connector has outbound internet access.

A NetApp Cloud Central login

You need to sign up to NetApp Cloud Central so that you can access Cloud Manager and other cloud services.

Network access from a web browser to several endpoints

The Cloud Manager user interface is accessible from a web browser. As you use the Cloud Manager user interface, it contacts several endpoints to complete data management tasks. The machine running the web browser must have connections to the following endpoints.

Endpoints Purpose

http://cloudmanager.netapp.com

Your web browser contacts this URL when using the SaaS UI.

AWS services (amazonaws.com):

  • CloudFormation

  • Cognito

  • Elastic Compute Cloud (EC2)

  • Key Management Service (KMS)

  • Security Token Service (STS)

  • Simple Storage Service (S3)

Required to deploy a Connector from Cloud Manager in AWS. The exact endpoint depends on the region in which you deploy the Connector. Refer to AWS documentation for details.

https://management.azure.com

https://login.microsoftonline.com

Required to deploy a Connector from Cloud Manager in most Azure regions.

https://management.microsoftazure.de

https://login.microsoftonline.de

Required to deploy a Connector from Cloud Manager in Azure Germany regions.

https://management.usgovcloudapi.net

https://login.microsoftonline.com

Required to deploy a Connector from Cloud Manager in Azure US Gov regions.

https://www.googleapis.com

Required to deploy a Connector from Cloud Manager in Google Cloud.

https://signin.b2c.netapp.com

Required to update NetApp Support Site (NSS) credentials or to add new NSS credentials to Cloud Manager.

https://netapp-cloud-account.auth0.com

https://cdn.auth0.com

https://services.cloud.netapp.com

Your web browser connects to these endpoints for centralized user authentication through NetApp Cloud Central.

https://widget.intercom.io

For in-product chat that enables you to talk to NetApp cloud experts.

The Connector’s IP address

In most cases, you should work with Cloud Manager from the SaaS UI, but if you use the local UI, then you must enter the host’s IP address from a web browser.

Depending on the connectivity to your cloud provider, use the private IP or a public IP assigned to the host:

  • A private IP works if you have a VPN and direct access to your virtual network

  • A public IP works in any networking scenario

In either case, secure network access by ensuring that security group rules allow access from only authorized IPs or subnets.
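One way to check that rule, shown as an added example rather than NetApp code: it audits a security group for the ports this page names on the Connector host (80, 443 and 22) and reports any that are open to sources outside an authorized list. It assumes the JSON shape returned by `aws ec2 describe-security-groups`; the group, the CIDR ranges and the function names are constructed for illustration.

```python
import ipaddress

# Ports the page names on the Connector host: local UI (80, 443) and SSH (22).
CONNECTOR_PORTS = (22, 80, 443)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.0.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ],
}
AUTHORIZED = ["10.20.0.0/16", "198.51.100.7/32"]  # constructed admin ranges


def exposed_ports(perm):
    """Connector ports covered by one ingress permission entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return list(CONNECTOR_PORTS)
    if proto != "tcp":
        return []
    return [p for p in CONNECTOR_PORTS if perm["FromPort"] <= p <= perm["ToPort"]]


def audit_ingress(group, authorized_cidrs):
    """Return sorted (port, source) pairs open to a source outside the authorized ranges.

    Only CIDR sources are evaluated; rules that reference other security
    groups or prefix lists need a separate review.
    """
    allowed = [ipaddress.ip_network(c) for c in authorized_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            net = ipaddress.ip_network(cidr)
            if any(net.version == a.version and net.subnet_of(a) for a in allowed):
                continue
            findings.extend((port, cidr) for port in exposed_ports(perm))
    return sorted(findings)


if __name__ == "__main__":
    for port, cidr in audit_ingress(SAMPLE_GROUP, AUTHORIZED):
        print(f"{SAMPLE_GROUP['GroupId']}: port {port} reachable from {cidr}")
```

The wide 0-1024 rule is reported for all three ports, which is how an overly broad range exposes the local UI and SSH without naming them.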

Outbound networking for a Connector

After logging in to Cloud Manager, an Account Admin will need to deploy a Connector in a cloud provider or in your on-premises network. The Connector enables Cloud Manager to manage resources and processes within your public cloud environment. A Connector isn’t required for Azure NetApp Files, Cloud Volumes Service, or Cloud Sync, but it is required for all other services and features in Cloud Manager. Learn more about Connectors and how they work.

  • The network location where you deploy the Connector must have an outbound internet connection.

    The Connector requires outbound internet access to contact the following endpoints in order to manage resources and processes within your public cloud environment.

    Endpoints Purpose

    https://support.netapp.com

    To obtain licensing information and to send AutoSupport messages to NetApp support.

    https://*.cloudmanager.cloud.netapp.com

    To provide SaaS features and services within Cloud Manager.

    https://cloudmanagerinfraprod.azurecr.io

    https://*.blob.core.windows.net

    To upgrade the Connector and its Docker components.

  • If you choose to manually install the Connector on your own Linux host (and not do so directly from the Cloud Manager interface), the installer for the Connector requires access to the following endpoints during the installation process:

    • https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

    • https://s3.amazonaws.com/aws-cli/awscli-bundle.zip

    • https://*.blob.core.windows.net or https://hub.docker.com

      The host might try to update operating system packages during installation. The host can contact different mirroring sites for these OS packages.

  • There’s no incoming traffic to the Connector, unless you initiate it.

    HTTP (80) and HTTPS (443) provide access to the local UI, which you’ll use in rare circumstances. SSH (22) is only needed if you need to connect to the host for troubleshooting.
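The outbound endpoint list above can be turned into an egress allowlist and used to review what the Connector actually contacts. The following is an added example, not NetApp code: the proxy log format and its hostnames are constructed, and it assumes a `*.` entry covers one or more leading DNS labels and that all listed `https://` endpoints are reached on port 443.

```python
# Outbound endpoints the page lists for the Connector, reduced to hostnames.
CONNECTOR_EGRESS = (
    "support.netapp.com",
    "*.cloudmanager.cloud.netapp.com",
    "cloudmanagerinfraprod.azurecr.io",
    "*.blob.core.windows.net",
)

# Constructed proxy log lines: "<timestamp> CONNECT <host>:<port>".
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z CONNECT support.netapp.com:443",
    "2024-05-01T10:00:02Z CONNECT api.cloudmanager.cloud.netapp.com:443",
    "2024-05-01T10:00:03Z CONNECT cloudmanager.cloud.netapp.com.example.org:443",
    "2024-05-01T10:00:04Z CONNECT xcloudmanager.cloud.netapp.com:443",
    "2024-05-01T10:00:05Z CONNECT acct1.blob.core.windows.net:443",
    "2024-05-01T10:00:06Z CONNECT support.netapp.com:8080",
]


def host_allowed(host, patterns=CONNECTOR_EGRESS):
    """True if host equals a listed name or sits under a listed wildcard."""
    labels = host.rstrip(".").lower().split(".")
    if "" in labels:
        return False
    for pattern in patterns:
        if pattern.startswith("*."):
            suffix = pattern[2:].split(".")
            # Compare whole DNS labels from the right; the wildcard needs at
            # least one extra label, so the bare suffix does not match.
            if len(labels) > len(suffix) and labels[-len(suffix):] == suffix:
                return True
        elif labels == pattern.split("."):
            return True
    return False


def unexpected_destinations(log_lines):
    """Return (host, port) pairs that are off the allowlist or not on 443."""
    flagged = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3 or fields[1] != "CONNECT":
            continue  # not a CONNECT record in the constructed format
        host, _, port = fields[2].rpartition(":")
        if port != "443" or not host_allowed(host):
            flagged.append((host, port))
    return flagged


if __name__ == "__main__":
    for host, port in unexpected_destinations(SAMPLE_LOG):
        print(f"unexpected egress: {host}:{port}")
```

Matching on whole labels is what keeps look-alike names such as `xcloudmanager.cloud.netapp.com` or a listed name used as a prefix of another domain from passing a naive substring or suffix check.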

Cloud provider permissions

You need an account that has permissions to deploy the Connector in your cloud provider directly from Cloud Manager.

Note: There are alternate ways to create a Connector: you can create a Connector from the AWS Marketplace, the Azure Marketplace, or you can manually install the software.

Location High-level steps Detailed steps

AWS

  1. Use a JSON file that includes the required permissions to create an IAM policy in AWS.

  2. Attach the policy to an IAM role or IAM user.

  3. When you create the Connector, provide Cloud Manager with the ARN of the IAM role or the AWS access key and secret key for the IAM user.

Click here to view detailed steps.

Azure

  1. Use a JSON file that includes the required permissions to create a custom role in Azure.

  2. Assign the role to the user who will create the Connector from Cloud Manager.

  3. When you create the Connector, log in with the Microsoft account that has the required permissions (the login prompt is owned and hosted by Microsoft).

Click here to view detailed steps.

Google Cloud

  1. Use a YAML file that includes the required permissions to create a custom role in Google Cloud.

  2. Attach that role to the user who will create the Connector from Cloud Manager.

  3. If you plan to use Cloud Volumes ONTAP, set up a service account that has the required permissions.

  4. Enable Google Cloud APIs.

  5. When you create the Connector, log in with the Google account that has the required permissions (the login prompt is owned and hosted by Google).

Click here to view detailed steps.

Networking for individual services

Now that your setup is complete, you’re ready to start using the services available from Cloud Manager. Note that each service has its own networking requirements. Refer to the following pages for more details.