Skip to main content

Components for deployment

Contributors netapp-manini netapp-aruldeepa

This section lists the components required to enable NetApp Keystone STaaS services in your environment.

Site requirements

There are some site-specific requirements, such as space, racks, PDUs, power, and cooling, with additional network and security requirements discussed here.


Floor space to host the Keystone infrastructure equipment (to be provided by customers). NetApp provides the weight specifications based on the final configuration.


Four post racks in the customer-operated offering (to be provided by customers). In the NetApp-operated offering, either NetApp or the customer can provide the racks, depending on requirements. NetApp provides 42 deep racks.


You should provide the power distribution units (PDUs), connected to two separate, protected circuits with sufficient C13 outlets. In the customer-operated offering, in some cases, C19 outlets are required. In the NetApp-operated offering, either NetApp or the customer can provide the PDUs, depending on requirements.


You should provide the required power. NetApp will provide the power requirement specifications based on 200V rating (Typical A, Max A, Typical W, Max W, Power cord type, and quantity), based on the final configuration. All components have redundant power supplies. NetApp will provide the in-cabinet power cords.


NetApp can provide the cooling requirement specifications (Typical BTU, Max BTU), based on the final configuration and requirement.

Storage virtual machines

A storage virtual machine (storage VM) is required for the deployment of the Keystone Collector and the AIOPs solution gateway. The prerequisites for installing Keystone Collector are available here: Installation guide for Keystone Collector. The other requirements are shared during deployment.

Deployment Options

The Keystone Collector can be deployed through the following methods:

  • VMware OVA template (VMware vCenter Server 6.7 or later is required)

  • Customer provides Red Hat Enterprise Linux 7 or 8 or CentOS 7 Linux server. The Keystone software is installed via .rpm installation process.

AIOPs solution gateway is deployed on the following configuration:

  • VMware OVA template (VMware vCenter Server 6.7 or later is required)

  • Bootable .iso installer for

    • Citrix XenServer

    • Microsoft Hyper-V

    • Kernel-based Virtual Machine (Linux KVM)


Outbound access is required to the following services for operations and maintenance of the Keystone Collector and AIOPs solution gateway:

  • (usage data upload)

  • (software updates)

  • (software updates)

Depending on customer requirements and the storage controllers used, NetApp can provide 10 GB, 40 GB, and 100 GB connectivity at the customer's site.

NetApp provides the required transceivers for NetApp-provided infrastructure devices only. You should supply transceivers required for customer devices and cabling to the NetApp-provided Keystone infrastructure devices.

Remote access requirement

Network connectivity is required between the storage infrastructure installed at the customer data center or customer owned co-located services, and Keystone operations center. The customer is responsible for providing the compute and virtual machines, and the internet services. The network design should be over a secured protocol and firewall policies will be approved by both NetApp and customers.

NetApp needs to access the hardware and software components installed for monitoring and management to provide services such as monitoring and billing to Keystone customers. The most common method is to establish a virtual private network (VPN) connection to the customer network and access the required data. To overcome any operational complexity perceived by customers to arise from opening firewall ports to new services, the monitoring tools initiate an external connection. NetApp cloud applications, such as AIOPs solution and Zuora, use this connection to perform their respective services. This method meets the customer requirement of not opening firewall ports though providing access to the monitoring components that are part of this service.