Supplemental NFS Datastore Option in AWS

Contributors kevin-hoke

After VMware Cloud is ready and connected to AWS VPC, you must deploy Amazon FSx for NetApp ONTAP into a newly designated VPC rather than the original connected or existing default VPC.

To start, deploy an additional VPC in the same region and availability zone where SDDC resides, and then deploy Amazon FSx for NetApp ONTAP into the new VPC. Configuration of an SDDC group in the VMware Cloud console enables the networking configuration options required to connect to the newly designated VPC where FSx for ONTAP will be deployed.

Note Deploy FSx for ONTAP in the same Availably Zone as VMware Cloud on AWS SDDC.
Note You cannot deploy FSx for ONTAP in the Connected VPC. Instead, you must deploy it in a new, designated VPC and then connect the VPC to a VMware Managed Transit Gateway (vTGW) via SDDC groups.
Step 1: Create Amazon FSx for ONTAP in a new, designated VPC

To create and mount the Amazon FSx for NetApp ONTAP file system, complete the following steps:

  1. Open the Amazon FSx console at https://console.aws.amazon.com/fsx/ and choose Create file system to start the File System Creation wizard.

  2. On the Select File System Type page, select Amazon FSx for NetApp ONTAP and then click Next. The Create File System page appears.

    Error: Missing Graphic Image

  3. For the creation method, choose Standard Create.

    Error: Missing Graphic Image

    Error: Missing Graphic Image

    Note The datastore sizes vary quite a bit from customer to customer. Although the recommended number of virtual machines per NFS datastore is subjective, many factors determine the optimum number of VMs that can be placed on each datastore. Although most administrators only consider capacity, the amount of concurrent I/O being sent to the VMDKs is one of the most important factors for overall performance. Use performance statistics from on-premises to size the datastore volumes accordingly.
  4. In the Networking section for Virtual Private Cloud (VPC), choose the appropriate VPC and preferred subnets along with the route table. In this case, Demo- FSxforONTAP-VPC is selected from the dropdown menu.

    Note Make sure this is a new, designated VPC and not the connected VPC.
    Note By default, FSx for ONTAP uses 198.19.0.0/16 as the default endpoint IP address range for the file system. Make sure that the Endpoint IP address range does not conflict with the VMC on the AWS SDDC, associated VPC subnets and on-premises infrastructure. If you are unsure, use a non-overlapping range with no conflicts.

    Error: Missing Graphic Image

  5. In the Security & Encryption section for the encryption key, choose the AWS Key Management Service (AWS KMS) encryption key that protects the file system’s data at rest. For the File System Administrative Password, enter a secure password for the fsxadmin user.

    Error: Missing Graphic Image

  6. In the Default Storage Virtual Machine Configuration section, specify the name of the SVM.

    Note As of GA, four NFS datastores are supported.

    Error: Missing Graphic Image

  7. In the Default Volume Configuration section, specify the volume name and size required for datastore and click Next. This should be an NFSv3 volume. For Storage Efficiency, choose Enabled to turn on the ONTAP storage efficiency features (compression, deduplication, and compaction). After creation, use the shell to modify the volume parameters using volume modify as follows:

    Setting Configuration

    Volume guarantee (Space Guarantee Style)

    None (thin provisioned) – set by default

    fractional_reserve (fractional-reserve)

    0% – set by default

    snap_reserve (percent-snapshot-space)

    0%

    Autosize (autosize-mode)

    grow_shrink

    Storage efficiency

    Enabled – set by default

    Autodelete

    volume / oldest_first

    Volume Tiering Policy

    Snapshot only – set by default

    try_first

    Autogrow

    Snapshot policy

    None

    Use the following SSH command to create and modify volumes:

    Command to create new datastore volume from shell:

    volume create -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -aggregate aggr1 -size 1024GB -state online -tiering-policy snapshot-only -percent-snapshot-space 0 -autosize-mode grow -snapshot-policy none -junction-path /DemoDS002

    Note: The volumes created via shell will take few minutes to show up in the AWS Console.

    Command to modify volume parameters which are not set by default:

    volume modify -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -fractional-reserve 0
    volume modify -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -space-mgmt-try-first vol_grow
    volume modify -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -autosize-mode grow

    Error: Missing Graphic Image

    Error: Missing Graphic Image

    Note During initial migration scenario, the default snapshot policy can cause datastore capacity full issues. To overcome it, modify the snapshot policy to suit the needs.
  8. Review the file system configuration shown on the Create File System page.

  9. Click Create File System.

    Error: Missing Graphic Image

    Error: Missing Graphic Image

    Note Repeat the previous steps to create more storage virtual machines or file systems and the datastore volumes according to the capacity and performance requirements.

To learn about Amazon FSx for ONTAP performance, see Amazon FSx for NetApp ONTAP performance.

Step 2: Create SDDC group

After the file systems and SVMs have been created, use VMware Console to create an SDDC group and to configure VMware Transit Connect. To do so, complete the following steps and remember that you must navigate between the VMware Cloud Console and the AWS Console.

  1. Log into the VMC Console at https://vmc.vmware.com.

  2. On the Inventory page, click SDDC Groups.

  3. On the SDDC Groups tab, click ACTIONS and select Create SDDC Group. For demo purposes, the SDDC group is called FSxONTAPDatastoreGrp.

  4. On the Membership grid, select the SDDCs to include as group members.

    Error: Missing Graphic Image

  5. Verify that “Configuring VMware Transit Connect for your group will incur charges per attachment and data transfers” is checked, then select Create Group. The process can take a few minutes to complete.

    Error: Missing Graphic Image

Step 3: Configure VMware Transit connect
  1. Attach the newly created designated VPC to the SDDC group. Select the External VPC tab and follow the instructions for attaching an External VPC to the group. This process can take 10-15 minutes to complete.

    Error: Missing Graphic Image

  2. Click Add Account.

    1. Provide the AWS account that was used to provision the FSx for ONTAP file system.

    2. Click Add.

  3. Back in the AWS console, log into the same AWS account and navigate to the Resource Access Manager service page. There is a button for you to accept the resource share.

    Error: Missing Graphic Image

    Note As part of the external VPC process, you’ll be prompted via the AWS console to a new shared resource via the Resource Access Manager. The shared resource is the AWS Transit Gateway managed by VMware Transit Connect.
  4. Click Accept resource share.

    Error: Missing Graphic Image

  5. Back in the VMC Console, you now see that the External VPC is in an associated state. This can take several minutes to appear.

Step 4: Create transit gateway attachment
  1. In the AWS Console, go to the VPC service page and navigate to the VPC that was used for provisioning the FSx file system. Here you create a transit gateway attachment by clicking Transit Gateway Attachment on the navigation pane on the right.

  2. Under VPC Attachment, make sure that DNS Support is checked and select the VPC in which FSx for ONTAP was deployed.

    Error: Missing Graphic Image

  3. Click Create transit gateway attachment.

    Error: Missing Graphic Image

  4. Back in the VMware Cloud Console, navigate back to SDDC Group > External VPC tab. Select the AWS account ID used for FSx and click the VPC and click Accept.

    Error: Missing Graphic Image

    Error: Missing Graphic Image

    Note This option may take a several minutes to appear.
  5. Then in the External VPC tab in the Routes column, click the Add Routes option and add in the required routes:

    • A route for the floating IP range for Amazon FSx for NetApp ONTAP floating IPs.

    • A route for the newly created external VPC address space.

      Error: Missing Graphic Image

      Error: Missing Graphic Image

Step 5: Configure routing (AWS VPC and SDDC) and security groups
  1. In the AWS Console, create the route back to the SDDC by locating the VPC in the VPC service page and select the main route table for the VPC.

  2. Browse to the route table in the lower panel and click Edit routes.

    Error: Missing Graphic Image

  3. In the Edit routes panel, click Add route and enter the CIDR for the SDDC infrastructure by selecting Transit Gateway, and the associated TGW ID. Click Save changes.

    Error: Missing Graphic Image

  4. Next step is to verify that the security group in the associated VPC is updated with the correct inbound rules for the SDDC Group CIDR.

  5. Update the inbound rule with the CIDR block of the SDDC infrastructure.

    Error: Missing Graphic Image

    Note Verify that the VPC (where FSx for ONTAP resides) route table is updated to avoid connectivity issues.
    Note Update the security group to accept NFS traffic.

This is the final step in preparing the connectivity to the appropriate SDDC. With the file system configured, routes added, and security groups updated, it’s time to mount the datastore(s).

Step 6: Attach NFS volume as a datastore to SDDC cluster

After the file system is provisioned and the connectivity is in place, access VMware Cloud Console to mount the NFS datastore.

  1. In the VMC Console, open the Storage tab of the SDDC.

    Error: Missing Graphic Image

  2. Click ATTACH DATASTORE and fill in the required values.

    Note NFS server address is the NFS IP address which can be found under the FSx > Storage virtual machines tab > Endpoints within AWS console.

    Error: Missing Graphic Image

  3. Click ATTACH DATASTORE to attach the datastore to the cluster.

    Error: Missing Graphic Image

  4. Validate the NFS datastore by accessing vCenter as shown below:

    Error: Missing Graphic Image