Skip to main content
Cloud Insights

Configuring the Cloud Volumes ONTAP and Amazon FSx for NetApp ONTAP collector

Contributors netapp-alavoie

Workload Security uses data collectors to collect file and user access data from devices.

Cloud Volumes ONTAP Storage Configuration

See the OnCommand Cloud Volumes ONTAP Documentation to configure a single-node / HA AWS instance to host the Workload Security Agent:

After the configuration is complete, follow the steps to setup your SVM:

Supported Platforms

  • Cloud Volumes ONTAP, supported in all the available cloud service providers wherever available. For example: Amazon, Azure, Google Cloud.

  • ONTAP Amazon FSx

Agent Machine Configuration

The agent machine must be configured in the respective subnets of the cloud Service providers. Read more about network access in the [Agent Requirements].

Below are the steps for Agent installation in AWS. Equivalent steps, as applicable to the cloud service provider, can be followed in Azure or Google Cloud for the installation.

In AWS, use the following steps to configure the machine to be used as a Workload Security Agent:

Use the following steps to configure the machine to be used as a Workload Security Agent:

  1. Log in to the AWS console and navigate to EC2-Instances page and select Launch instance.

  2. Select a RHEL or CentOS AMI with the appropriate version as mentioned in this page:

  3. Select the VPC and Subnet that the Cloud ONTAP instance resides in.

  4. Select t2.xlarge (4 vcpus and 16 GB RAM) as allocated resources.

    1. Create the EC2 instance.

  5. Install the required Linux packages using the YUM package manager:

    1. Install wget and unzip native Linux packages.

Install the Workload Security Agent

  1. Log in as Administrator or Account Owner to your Cloud Insights environment.

  2. Navigate to Workload Security Collectors and click the Agents tab.

  3. Click +Agent and specify RHEL as the target platform.

  4. Copy the Agent Installation command.

  5. Paste the Agent Installation command into the RHEL EC2 instance you are logged in to.
    This installs the Workload Security agent, providing all of the Agent Prerequisites are met.


Known problems and their resolutions are described in the following table.



“Workload Security: Failed to determine ONTAP type for Amazon FxSN data collector” error is shown by the Data Collector.
Customer is unable to add new Amazon FSxN data collector into Workload Security. Connection to FSxN cluster on port 443 from the agent is timing out. Firewall and AWS security groups have the required rules enabled to allow communication. An agent is already deployed and is in the same AWS account as well. This same agent is used to connect and monitor the remaining NetApp devices (and all of them are working).

Solve this issue by adding fsxadmin LIF network segment to agent's security rule.
Allowed all ports if you are not sure about the ports.