Required network access points for 3.9.55 and below
This topic details the network access required for versions of the NetApp Console standard mode previous to the 4.0.0. release of the NetApp Console, the NetApp Console agent, and NetApp data services outbound internet access and the ability to contact the necessary endpoints. You need to ensure that the Console and any agents you install have the right network access to function property.
You'll need to set up network access for computers that access the NetApp Console as software as a service (SaaS) and for any Console agents you install on-premises or in the cloud. You may also need additional endpoints for certain NetApp data services, including Cloud Volumes ONTAP.
Update your endpoint list to the revised list for 4.0.0 and higher
Starting with version 4.0.0, Console agents require fewer endpoints. Existing deployments before 4.0.0 remain supported. After upgrading to 4.0.0 or later, you may remove the old endpoints from your allow list when convenient.
NetApp recommends that you update your firewall rules to use the revised endpoint list. The revised list is smaller, thus more secure and easier to manage.
-
Whitelist the endpoints in Supported endpoints for 4.0.0 and higher.
-
Restart the service manager 2 service on each agent by running the following command:
systemctl restart netapp-service-manager.service
-
Run the following command and verify that the agent's status shows as active(running):
_systemctl status netapp-service-manager.service
-
Remove the old endpoints from your allow list.
Endpoints contacted by the NetApp Console
Each computer that accesses the NetApp Console must have connections to the endpoints listed below.
The system contacts these endpoints in two scenarios:
-
From a computer accessing the NetApp Console as software as a service (SaaS).
-
From a computer directly accessing an agent host, either to log in and set it up or access the Console from the agent host.
Endpoints | Purpose |
---|---|
https://support.netapp.com |
To obtain licensing information and to send AutoSupport messages to NetApp support. |
https://*.api.bluexp.netapp.com |
To provide features and services within the NetApp Console. |
Choose between two sets of endpoints:
|
To obtain images for Console agent upgrades. NetApp recommends allowing Option 1 endpoints in your firewall as they are more secure and disallowing Option 2 endpoints, unless you are using Ransomware Resilience or Backup and Recovery. Note the following about these endpoints:
|
Endpoints contacted by the Console agent
You install the Console agent on-premises or in the cloud, and it contacts endpoints to complete Console-initiated actions.
Console agents need access to the same endpoints as the NetApp Console, plus additional endpoints if you deploy the agent in your cloud provider.
Agent endpoints for AWS
These endpoints are applicable for Console agents previous to 4.0.0.
Endpoints | Purpose |
---|---|
AWS services (amazonaws.com): |
To manage resources in AWS. The exact endpoint depends on the AWS region that you're using. Refer to AWS documentation for details |
https://support.netapp.com |
To obtain licensing information and to send AutoSupport messages to NetApp support. |
Choose between two sets of endpoints:
|
To obtain images for Console agent upgrades. NetApp recommends allowing Option 1 endpoints in your firewall as they are more secure and disallowing Option 2 endpoints, unless you are using Ransomware Resilience or Backup and Recovery. Note the following about these endpoints:
|
Agent endpoints For Azure
These endpoints apply to Console agents previous to 4.0.0.
Endpoints | Purpose |
---|---|
https://management.azure.com |
To manage resources in Azure public regions. |
https://management.chinacloudapi.cn |
To manage resources in Azure China regions. |
https://support.netapp.com |
To obtain licensing information and to send AutoSupport messages to NetApp support. |
Choose between two sets of endpoints:
|
To obtain images for Console agent upgrades. NetApp recommends allowing Option 1 endpoints in your firewall as they are more secure and disallowing Option 2 endpoints, unless you are using Ransomware Resilience or Backup and Recovery. Note the following about these endpoints:
|
Agent endpoints for Google Cloud
These endpoints apply to Console agents previous to 4.0.0.
Endpoints | Purpose |
---|---|
https://www.googleapis.com/compute/v1/ |
To manage resources in Google Cloud. |
https://support.netapp.com |
To obtain licensing information and to send AutoSupport messages to NetApp support. |
Choose between two sets of endpoints:
|
To obtain images for Console agent upgrades. NetApp recommends allowing Option 1 endpoints in your firewall as they are more secure and disallowing Option 2 endpoints. Note the following about these endpoints:
|