Solution architecture for StorageGRID WebScale

Contributors netapp-forry

The NetApp Data Availability Services (NDAS) solution for StorageGRID WebScale consists of three components: 1) an AWS cloud-resident app, which includes the orchestration user interface and a scalable catalog for intelligent searches, 2) an NDAS proxy service that is embedded within ONTAP on the target storage system, and 3) Copy to Cloud replication technology, an efficient and secure S3 data transport between ONTAP instances and the StorageGRID S3 object store.

The StorageGRID solution has the same requirements and workflow as the AWS cloud solution, except that an additional CA certificate security procedure is required to authenticate the ONTAP secondary (target) cluster with the StorageGRID target system.

StorageGRID Solution Architecture

You register and initiate NetApp Data Availability Services from a NetApp web page, where the app is deployed as an Amazon Machine Image (AMI) and launched on an AWS compute resource (EC2). During initial setup and configuration, the app catalog is automatically configured and deployed using two EC2 instances as a two-node Elasticsearch cluster. For resiliency, the two EC2 instances are deployed in different subnets, and the two subnets are in separate availability zones within the same region.

After the initial setup and installation of the app, you create a new user ID and password on the NDAS login screen. After the initial login, a set of wizard screens helps you connect ONTAP target clusters to their own StorageGRID object stores.

To establish secure data transfers across the hybrid cloud, the NDAS administrator generates a token in the NDAS app and provides it to an ONTAP administrator, who enters the encrypted token on the ONTAP target cluster in ONTAP System Manager. When the token is entered, the ONTAP target cluster initiates a request with the app to register the ONTAP target system. Once the token is received, the app approves the registration request and finalizes the configuration of secure and encrypted data pathways between the on-premises ONTAP target and the cloud app.

All data transfers and management messages between the ONTAP target cluster and NetApp Data Availability Services are encrypted over the wire using HTTPS (TLS).