Preparing to tier inactive data to StorageGRID

Contributors netapp-bcammett

Before you use Cloud Tiering, verify support for your ONTAP cluster, prepare StorageGRID, and install a Service Connector on an on-premises Linux host.

The following image shows each component and the connections that you need to prepare between them:

An architecture image that shows the Cloud Tiering service with a connection to the Service Connector on your premises, the Service Connector with a connection to your ONTAP cluster, and a connection between the ONTAP cluster and object storage. Active data resides on the ONTAP cluster, while inactive data resides in object storage.

Note Communication between the Service Connector and StorageGRID is for object storage setup only.

Preparing your ONTAP clusters

Your ONTAP clusters must meet the following requirements when tiering data to StorageGRID.

Supported ONTAP platforms

Cloud Tiering supports AFF systems and all-SSD aggregates on FAS systems.

Supported ONTAP version

ONTAP 9.4 or later


A FabricPool license isn’t required on the ONTAP cluster when tiering data to StorageGRID.

Cluster networking requirements
  • The ONTAP cluster initiates an HTTPS connection over a user-specified port to StorageGRID (the port is configurable during tiering setup).

    ONTAP reads and writes data to and from object storage. The object storage never initiates, it just responds.

  • An inbound connection is required from the NetApp Service Connector, which resides on your premises.

    A connection between the cluster and the Cloud Tiering service is not required.

  • An intercluster LIF is required on each ONTAP node that hosts tiered volumes. The LIF must be associated with the IPspace that ONTAP should use to connect to object storage.

    IPspaces enable network traffic segregation, allowing for separation of client traffic for privacy and security. Learn more about IPspaces.

    When you set up data tiering, Cloud Tiering prompts you for the IPspace to use. You should choose the IPspace that each LIF is associated with. That might be the "Default" IPspace or a custom IPspace that you created.

Supported volumes and aggregates

The total number of volumes that Cloud Tiering can tier might be less than the number of volumes on your ONTAP system. That’s because volumes can’t be tiered from some aggregates. For example, you can’t tier data from SnapLock volumes or from MetroCluster configurations. Refer to ONTAP documentation for functionality or features not supported by FabricPool.

Note Cloud Tiering supports FlexGroup volumes, starting with ONTAP 9.5. Setup works the same as any other volume.

Preparing StorageGRID

StorageGRID must meet the following requirements.

Supported StorageGRID versions

StorageGRID 10.3 and later are supported.

S3 credentials

When you set up tiering to StorageGRID, you need to provide Cloud Tiering with an S3 access key and secret key. Cloud Tiering uses the keys to access your buckets.

These access keys must be associated with a user who has the following permissions:

Object versioning

You must not enable StorageGRID object versioning on the object store bucket.

Installing the Service Connector on-prem for StorageGRID

To tier data to StorageGRID, you need to install a Service Connector on an on-prem Linux host.

Understanding the relationship between the Service Connector and Cloud Manager

To install the Service Connector, you need to download and install NetApp Cloud Manager software. You need to do this because the Service Connector is part of Cloud Manager.

Verifying host requirements

The Service Connector is supported on a Linux host that meets the following requirements.

Preparing your networking

The Service Connector needs a connection to your ONTAP clusters, to StorageGRID, and to the Cloud Tiering service.

  1. Set up an on-premises location for the Service Connector that enables the following connections:

    • An outbound internet connection to the Cloud Tiering service over port 443 (HTTPS)

    • An HTTPS connection over port 443 to StorageGRID

    • An HTTPS connection over port 443 to your ONTAP clusters

  2. Ensure that outbound internet access is allowed to those endpoints:




      The installer accesses these URLs during the installation process.

Installing the Service Connector on an on-premises Linux host

After you verify system and network requirements, download and install the software on a supported Linux host.

About this task
  • Root privileges are not required for installation.

  • The Service Connector installs the AWS command line tools (awscli) to enable recovery procedures from NetApp support.

    If you receive a message that installing the awscli failed, you can safely ignore the message. The Service Connector can operate successfully without the tools.

  • The installer that is available on the NetApp Support Site might be an earlier version. After installation, the software automatically updates itself if a new version is available.

  1. Download the installation script for Cloud Manager 3.8.4 or later from the NetApp Support Site, and then copy it to the Linux host.

  2. Assign permissions to execute the script.


    chmod +x

  3. Run the installation script:

    ./ [silent] [proxy=ipaddress] [proxyport=port] [proxyuser=user_name] [proxypwd=password]

    silent runs the installation without prompting you for information.

    proxy is required if the host is behind a proxy server.

    proxyport is the port for the proxy server.

    proxyuser is the user name for the proxy server, if basic authentication is required.

    proxypwd is the password for the user name that you specified.

  4. Unless you specified the silent parameter, type Y to continue the script, and then enter the HTTP and HTTPS ports when prompted.

    If you change the HTTP and HTTPS ports, you must ensure that users can access the Cloud Manager web console from a remote host:

    • Modify the security group to allow inbound connections through the ports.

    • Specify the port when you enter the URL to the web console.

      The Service Connector is now installed. At the end of the installation, the Cloud Manager service (occm) restarts twice if you specified a proxy server.

  5. Open a web browser and enter the following URL:


    ipaddress can be localhost, a private IP address, or a public IP address, depending on the configuration of the host.

    port is required if you changed the default HTTP (80) or HTTPS (443) ports. For example, if the HTTPS port was changed to 8443, you would enter https://ipaddress:8443

  6. Sign up at NetApp Cloud Central or log in.

  7. After you log in, set up Cloud Manager:

    1. Specify the Cloud Central account to associate with this Cloud Manager system. This should be the same account that you specified when you ran the pre-installation script.

    2. Enter a name for the system.

      A screenshot that shows the set up Cloud Manager screen that enables you to select a Cloud Central account and name the Cloud Manager system.


The Service Connector is now installed and setup. You can use it to discover a cluster in Cloud Tiering.