Skip to main content
Cloud Tiering

Installing the Service Connector on your premises for tiering to AWS S3

Contributors netapp-bcammett

If you want to tier cold data to AWS S3, you can deploy the Service Connector either on your premises or in an AWS VPC. This page describes how to install the on-premises Service Connector.

Understanding the relationship between the Service Connector and Cloud Manager

To install the Service Connector, you need to download and install NetApp Cloud Manager software. You need to do this because the Service Connector is part of Cloud Manager.

Preparing your networking

The Service Connector needs a connection to your ONTAP clusters, to AWS S3, and to the Cloud Tiering service.

Steps
  1. Set up an on-premises location for the Service Connector that enables the following connections:

    • An outbound internet connection to the Cloud Tiering service over port 443 (HTTPS)

    • An HTTPS connection over port 443 to S3

    • An HTTPS connection over port 443 to your ONTAP clusters

  2. Ensure that outbound internet access is allowed to those endpoints:

    • http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

    • https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

    • https://s3.amazonaws.com/aws-cli/awscli-bundle.zip

      The installer accesses these URLs during the installation process.

Providing permissions to an AWS account

After you install the Service Connector, you need to provide access keys for an AWS account. That account needs specific permissions so the Service Connector can set up data tiering to AWS S3 on your behalf.

Cloud Tiering tiers data to an S3 bucket that resides in this AWS account.

Steps
  1. From the AWS IAM console, create an IAM policy by copying and pasting the permissions below.

    For step-by-step instructions, refer to AWS Documentation: Creating IAM Policies.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "sts:DecodeAuthorizationMessage",
                    "s3:ListBucket",
                    "ec2:DescribeRegions",
                    "cloudformation:CreateStack",
                    "cloudformation:DeleteStack",
                    "cloudformation:DescribeStacks",
                    "cloudformation:DescribeStackEvents",
                    "cloudformation:ValidateTemplate"
                ],
                "Resource": "*"
            },
            {
                "Sid": "fabricPoolPolicy",
                "Effect": "Allow",
                "Action": [
                    "s3:DeleteBucket",
                    "s3:GetLifecycleConfiguration",
                    "s3:PutLifecycleConfiguration",
                    "s3:CreateBucket",
                    "s3:GetBucketTagging",
                    "s3:PutBucketTagging"
                ],
                "Resource": "arn:aws:s3:::fabric-pool*"
            }
        ]
    }
  2. Attach the policy to an IAM role or an IAM user.

    For step-by-step instructions, refer to the following:

Result

The account now has the required permissions. You need to provide access keys for the AWS account after you install the Service Connector.

Installing the Service Connector on an on-premises Linux host

After you verify system and network requirements, download and install the software on a supported Linux host.

About this task
  • Root privileges are not required for installation.

  • The Service Connector installs the AWS command line tools (awscli) to enable recovery procedures from NetApp support.

    If you receive a message that installing the awscli failed, you can safely ignore the message. The Service Connector can operate successfully without the tools.

  • The installer that is available on the NetApp Support Site might be an earlier version. After installation, the software automatically updates itself if a new version is available.

Steps
  1. Download the installation script for Cloud Manager 3.8.4 or later from the NetApp Support Site, and then copy it to the Linux host.

  2. Assign permissions to execute the script.

    Example

    chmod +x OnCommandCloudManager-V3.8.4.sh

  3. Run the installation script:

    ./OnCommandCloudManager-V3.8.4.sh [silent] [proxy=ipaddress] [proxyport=port] [proxyuser=user_name] [proxypwd=password]

    silent runs the installation without prompting you for information.

    proxy is required if the host is behind a proxy server.

    proxyport is the port for the proxy server.

    proxyuser is the user name for the proxy server, if basic authentication is required.

    proxypwd is the password for the user name that you specified.

  4. Unless you specified the silent parameter, type Y to continue the script, and then enter the HTTP and HTTPS ports when prompted.

    If you change the HTTP and HTTPS ports, you must ensure that users can access the Cloud Manager web console from a remote host:

    • Modify the security group to allow inbound connections through the ports.

    • Specify the port when you enter the URL to the web console.

      The Service Connector is now installed. At the end of the installation, the Cloud Manager service (occm) restarts twice if you specified a proxy server.

  5. Open a web browser and enter the following URL:

    https://ipaddress:port

    ipaddress can be localhost, a private IP address, or a public IP address, depending on the configuration of the host.

    port is required if you changed the default HTTP (80) or HTTPS (443) ports. For example, if the HTTPS port was changed to 8443, you would enter https://ipaddress:8443

  6. Sign up at NetApp Cloud Central or log in.

  7. After you log in, set up Cloud Manager:

    1. Specify the Cloud Central account to associate with this Cloud Manager system. This should be the same account that you specified when you ran the pre-installation script.

    2. Enter a name for the system.

      A screenshot that shows the set up Cloud Manager screen that enables you to select a Cloud Central account and name the Cloud Manager system.

After you finish

Add an AWS account to Cloud Manager that has the required permissions.

Adding the AWS account to Cloud Manager

After you provide an AWS account with the required permissions, you need to add AWS access keys to Cloud Manager. This enables the Service Connector to set up data tiering to AWS S3 on your behalf.

Cloud Tiering tiers data to an S3 bucket that resides in this AWS account.

Steps
  1. In the upper right of the Cloud Manager console, click the Settings icon, and select Credentials.

    A screenshot that shows the Settings icon in the upper right of the Cloud Manager console.

  2. Click Add Credentials and select AWS.

  3. Select AWS keys.

  4. Confirm that the policy requirements have been met and then click Create Account.

Result

The Service Connector is now installed with the permissions that it needs to tier cold data from your ONTAP systems to AWS S3. You should now see the Service Connector when you set up tiering to a new cluster.