Launching Cloud Volumes ONTAP in Google Cloud
You can launch Cloud Volumes ONTAP in a single-node configuration or as an HA pair in Google Cloud.
Before you get started
You need the following to create a working environment.
-
A Connector that's up and running.
-
You should have a Connector that is associated with your project or workspace.
-
You should be prepared to leave the Connector running at all times.
-
The service account associated with the Connector should have the required permissions
-
-
An understanding of the configuration that you want to use.
You should have prepared by choosing a configuration and by obtaining Google Cloud networking information from your administrator. For details, refer to Planning your Cloud Volumes ONTAP configuration.
-
An understanding of what's required to set up licensing for Cloud Volumes ONTAP.
-
Google Cloud APIs should be enabled in your project:
-
Cloud Deployment Manager V2 API
-
Cloud Logging API
-
Cloud Resource Manager API
-
Compute Engine API
-
Identity and Access Management (IAM) API
-
Launching a single-node system in Google Cloud
Create a working environment in BlueXP to launch Cloud Volumes ONTAP in Google Cloud.
-
From the left navigation menu, select Storage > Canvas.
-
On the Canvas page, click Add Working Environment and follow the prompts.
-
Choose a Location: Select Google Cloud and Cloud Volumes ONTAP.
-
If you're prompted, create a Connector.
-
Details & Credentials: Select a project, specify a cluster name, optionally select a service account, optionally add labels, and then specify credentials.
The following table describes fields for which you might need guidance:
Field Description Working Environment Name
BlueXP uses the working environment name to name both the Cloud Volumes ONTAP system and the Google Cloud VM instance. It also uses the name as the prefix for the predefined security group, if you select that option.
Service Account Name
If you plan to use data tiering or BlueXP backup and recovery with Cloud Volumes ONTAP, then you need to enable Service Account and select a service account that has the predefined Storage Admin role. Learn how to create a service account.
Add Labels
Labels are metadata for your Google Cloud resources. BlueXP adds the labels to the Cloud Volumes ONTAP system and Google Cloud resources associated with the system.
You can add up to four labels from the user interface when creating a working environment, and then you can add more after its created. Note that the API does not limit you to four labels when creating a working environment.
For information about labels, refer to Google Cloud Documentation: Labeling Resources.User name and password
These are the credentials for the Cloud Volumes ONTAP cluster administrator account. You can use these credentials to connect to Cloud Volumes ONTAP through ONTAP System Manager or the ONTAP CLI. Keep the default admin user name or change it to a custom user name.
Edit Project
Select the project where you want Cloud Volumes ONTAP to reside. The default project is the project where BlueXP resides.
If you don't see any additional projects in the drop-down list, then you haven't yet associated the BlueXP service account with other projects. Go to the Google Cloud console, open the IAM service, and select the project. Add the service account with the BlueXP role to that project. You'll need to repeat this step for each project.
This is the service account that you set up for BlueXP, as described on this page. Click Add Subscription to associate the selected credentials with a subscription.
To create a pay-as-you-go Cloud Volumes ONTAP system, you need to select a Google Cloud project that's associated with a subscription to Cloud Volumes ONTAP from the Google Cloud Marketplace.
The following video shows how to associate a pay-as-you-go Marketplace subscription to your Google Cloud project. Alternatively, follow the steps to subscribe located in the Associating a Marketplace subscription with Google Cloud credentials section.
Subscribe to BlueXP from the Google Cloud Marketplace -
Services: Select the services that you want to use on this system. In order to select BlueXP backup and recovery, or to use BlueXP tiering, you must have specified the Service Account in step 3.
If you would like to utilize WORM and data tiering, you must disable BlueXP backup and recovery and deploy a Cloud Volumes ONTAP working environment with version 9.8 or above. -
Location & Connectivity: Select a location, choose a firewall policy, and confirm network connectivity to Google Cloud storage for data tiering.
The following table describes fields for which you might need guidance:
Field Description Connectivity verification
To tier cold data to a Google Cloud Storage bucket, the subnet in which Cloud Volumes ONTAP resides must be configured for Private Google Access. For instructions, refer to Google Cloud Documentation: Configuring Private Google Access.
Generated firewall policy
If you let BlueXP generate the firewall policy for you, you need to choose how you'll allow traffic:
-
If you choose Selected VPC only, the source filter for inbound traffic is the subnet range of the selected VPC and the subnet range of the VPC where the Connector resides. This is the recommended option.
-
If you choose All VPCs, the source filter for inbound traffic is the 0.0.0.0/0 IP range.
Use existing firewall policy
If you use an existing firewall policy, ensure that it includes the required rules. link: Learn about firewall rules for Cloud Volumes ONTAP.
-
-
Charging Methods and NSS Account: Specify which charging option would you like to use with this system, and then specify a NetApp Support Site account.
-
Preconfigured Packages: Select one of the packages to quickly deploy a Cloud Volumes ONTAP system, or click Create my own configuration.
If you choose one of the packages, you only need to specify a volume and then review and approve the configuration.
-
Licensing: Change the Cloud Volumes ONTAP version as needed and select a machine type.
If a newer Release Candidate, General Availability, or patch release is available for the selected version, then BlueXP updates the system to that version when creating the working environment. For example, the update occurs if you select Cloud Volumes ONTAP 9.13.1 and 9.13.1 P4 is available. The update does not occur from one release to another—for example, from 9.13 to 9.14. -
Underlying Storage Resources: Choose settings for the initial aggregate: a disk type and the size for each disk.
The disk type is for the initial volume. You can choose a different disk type for subsequent volumes.
The disk size is for all disks in the initial aggregate and for any additional aggregates that BlueXP creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option.
For help choosing a disk type and size, refer to Size your system in Google Cloud.
-
Flash Cache, Write Speed & WORM:
-
Enable Flash Cache, if desired.
Starting with Cloud Volumes ONTAP 9.13.1, Flash Cache is supported on the n2-standard-16, n2-standard-32, n2-standard-48, and n2-standard-64 instance types. You cannot disable Flash Cache after deployment. -
Choose Normal or High write speed, if desired.
High write speed and a higher maximum transmission unit (MTU) of 8,896 bytes are available through the High write speed option. In addition, the higher MTU of 8,896 requires the selection of VPC-1, VPC-2 and VPC-3 for the deployment. For more information on VPC-1, VPC-2, and VPC-3, refer to Rules for VPC-1, VPC-2, and VPC-3. -
Activate write once, read many (WORM) storage, if desired.
WORM can't be enabled if data tiering was enabled for Cloud Volumes ONTAP versions 9.7 and below. Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering.
-
If you activate WORM storage, select the retention period.
-
-
Data Tiering in Google Cloud Platform: Choose whether to enable data tiering on the initial aggregate, choose a storage class for the tiered data, and then either select a service account that has the predefined Storage Admin role (required for Cloud Volumes ONTAP 9.7 or later), or select a Google Cloud account (required for Cloud Volumes ONTAP 9.6).
Note the following:
-
BlueXP sets the service account on the Cloud Volumes ONTAP instance. This service account provides permissions for data tiering to a Google Cloud Storage bucket. Be sure to add the Connector service account as a user of the tiering service account, otherwise, you can't select it from BlueXP
-
For help with adding a Google Cloud account, refer to Setting up and adding Google Cloud accounts for data tiering with 9.6.
-
You can choose a specific volume tiering policy when you create or edit a volume.
-
If you disable data tiering, you can enable it on subsequent aggregates, but you'll need to turn off the system and add a service account from the Google Cloud console.
-
-
Create Volume: Enter details for the new volume or click Skip.
Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:
Field Description Size
The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.
Access control (for NFS only)
An export policy defines the clients in the subnet that can access the volume. By default, BlueXP enters a value that provides access to all instances in the subnet.
Permissions and Users / Groups (for CIFS only)
These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user's domain using the format domain\username.
Snapshot Policy
A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.
Advanced options (for NFS only)
Select an NFS version for the volume: either NFSv3 or NFSv4.
Initiator group and IQN (for iSCSI only)
iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices.
Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.
iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bust adapters (HBAs) and are identified by iSCSI qualified names (IQNs).
When you create an iSCSI volume, BlueXP automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.The following image shows the Volume page filled out for the CIFS protocol:
-
CIFS Setup: If you chose the CIFS protocol, set up a CIFS server.
Field Description DNS Primary and Secondary IP Address
The IP addresses of the DNS servers that provide name resolution for the CIFS server.
The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.
If you're configuring Google Managed Active Directory, AD can be accessed by default with the 169.254.169.254 IP address.Active Directory Domain to join
The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.
Credentials authorized to join the domain
The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.
CIFS server NetBIOS name
A CIFS server name that is unique in the AD domain.
Organizational Unit
The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.
To configure Google Managed Microsoft AD as the AD server for Cloud Volumes ONTAP, enter OU=Computers,OU=Cloud in this field.
Google Cloud Documentation: Organizational Units in Google Managed Microsoft ADDNS Domain
The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.
NTP Server
Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. For information, refer to the BlueXP automation docs for details.
Note that you can configure an NTP server only when creating a CIFS server. It's not configurable after you create the CIFS server. -
Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and change the volume tiering policy, if needed.
For more information, refer to Choose a volume usage profile and Data tiering overview.
-
Review & Approve: Review and confirm your selections.
-
Review details about the configuration.
-
Click More information to review details about support and the Google Cloud resources that BlueXP will purchase.
-
Select the I understand… check boxes.
-
Click Go.
-
BlueXP deploys the Cloud Volumes ONTAP system. You can track the progress in the timeline.
If you experience any issues deploying the Cloud Volumes ONTAP system, review the failure message. You can also select the working environment and click Re-create environment.
For additional help, go to NetApp Cloud Volumes ONTAP Support.
-
If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.
-
If you want to apply quotas to volumes, use ONTAP System Manager or the ONTAP CLI.
Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.
Launching an HA pair in Google Cloud
Create a working environment in BlueXP to launch Cloud Volumes ONTAP in Google Cloud.
-
From the left navigation menu, select Storage > Canvas.
-
On the Canvas page, click Add Working Environment and follow the prompts.
-
Choose a Location: Select Google Cloud and Cloud Volumes ONTAP HA.
-
Details & Credentials: Select a project, specify a cluster name, optionally select a Service Account, optionally add labels, and then specify credentials.
The following table describes fields for which you might need guidance:
Field Description Working Environment Name
BlueXP uses the working environment name to name both the Cloud Volumes ONTAP system and the Google Cloud VM instance. It also uses the name as the prefix for the predefined security group, if you select that option.
Service Account Name
If you plan to use the BlueXP tiering or BlueXP backup and recovery services, you need to enable the Service Account switch and then select the Service Account that has the predefined Storage Admin role.
Add Labels
Labels are metadata for your Google Cloud resources. BlueXP adds the labels to the Cloud Volumes ONTAP system and Google Cloud resources associated with the system.
You can add up to four labels from the user interface when creating a working environment, and then you can add more after its created. Note that the API does not limit you to four labels when creating a working environment.
For information about labels, refer to Google Cloud Documentation: Labeling Resources.User name and password
These are the credentials for the Cloud Volumes ONTAP cluster administrator account. You can use these credentials to connect to Cloud Volumes ONTAP through ONTAP System Manager or the ONTAP CLI. Keep the default admin user name or change it to a custom user name.
Edit Project
Select the project where you want Cloud Volumes ONTAP to reside. The default project is the project where BlueXP resides.
If you don't see any additional projects in the drop-down list, then you haven't yet associated the BlueXP service account with other projects. Go to the Google Cloud console, open the IAM service, and select the project. Add the service account with the BlueXP role to that project. You'll need to repeat this step for each project.
This is the service account that you set up for BlueXP, as described on this page. Click Add Subscription to associate the selected credentials with a subscription.
To create a pay-as-you-go Cloud Volumes ONTAP system, you need to select a Google Cloud project that's associated with a subscription to Cloud Volumes ONTAP from the Google Cloud Marketplace.
The following video shows how to associate a pay-as-you-go Marketplace subscription to your Google Cloud project. Alternatively, follow the steps to subscribe located in the Associating a Marketplace subscription with Google Cloud credentials section.
Subscribe to BlueXP from the Google Cloud Marketplace -
Services: Select the services that you want to use on this system. In order to select BlueXP backup and recovery, or to use BlueXP Tiering, you must have specified the Service Account in step 3.
If you would like to utilize WORM and data tiering, you must disable BlueXP backup and recovery and deploy a Cloud Volumes ONTAP working environment with version 9.8 or above. -
HA Deployment Models: Choose multiple zones (recommended) or a single zone for the HA configuration. Then select a region and zones.
-
Connectivity: Select four different VPCs for the HA configuration, a subnet in each VPC, and then choose a firewall policy.
The following table describes fields for which you might need guidance:
Field Description Generated policy
If you let BlueXP generate the firewall policy for you, you need to choose how you'll allow traffic:
-
If you choose Selected VPC only, the source filter for inbound traffic is the subnet range of the selected VPC and the subnet range of the VPC where the Connector resides. This is the recommended option.
-
If you choose All VPCs, the source filter for inbound traffic is the 0.0.0.0/0 IP range.
Use existing
If you use an existing firewall policy, ensure that it includes the required rules. Learn about firewall rules for Cloud Volumes ONTAP.
-
-
Charging Methods and NSS Account: Specify which charging option would you like to use with this system, and then specify a NetApp Support Site account.
-
Preconfigured Packages: Select one of the packages to quickly deploy a Cloud Volumes ONTAP system, or click Create my own configuration.
If you choose one of the packages, you only need to specify a volume and then review and approve the configuration.
-
Licensing: Change the Cloud Volumes ONTAP version as needed and select a machine type.
If a newer Release Candidate, General Availability, or patch release is available for the selected version, then BlueXP updates the system to that version when creating the working environment. For example, the update occurs if you select Cloud Volumes ONTAP 9.13.1 and 9.13.1 P4 is available. The update does not occur from one release to another—for example, from 9.13 to 9.14. -
Underlying Storage Resources: Choose settings for the initial aggregate: a disk type and the size for each disk.
The disk type is for the initial volume. You can choose a different disk type for subsequent volumes.
The disk size is for all disks in the initial aggregate and for any additional aggregates that BlueXP creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option.
For help choosing a disk type and size, refer to Size your system in Google Cloud.
-
Flash Cache, Write Speed & WORM:
-
Enable Flash Cache, if desired.
Starting with Cloud Volumes ONTAP 9.13.1, Flash Cache is supported on the n2-standard-16, n2-standard-32, n2-standard-48, and n2-standard-64 instance types. You cannot disable Flash Cache after deployment. -
Choose Normal or High write speed, if desired.
High write speed and a higher maximum transmission unit (MTU) of 8,896 bytes are available through the High write speed option with the n2-standard-16, n2-standard-32, n2-standard-48, and n2-standard-64 instance types. In addition, the higher MTU of 8,896 requires the selection of VPC-1, VPC-2 and VPC-3 for the deployment. High write speed and an MTU of 8,896 are feature-dependent and cannot be disabled individually within a configured instance. For more information on VPC-1, VPC-2, and VPC-3, refer to Rules for VPC-1, VPC-2, and VPC-3. -
Activate write once, read many (WORM) storage, if desired.
WORM can't be enabled if data tiering was enabled for Cloud Volumes ONTAP versions 9.7 and below. Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering.
-
If you activate WORM storage, select the retention period.
-
-
Data Tiering in Google Cloud: Choose whether to enable data tiering on the initial aggregate, choose a storage class for the tiered data, and then select a service account that has the predefined Storage Admin role.
Note the following:
-
BlueXP sets the service account on the Cloud Volumes ONTAP instance. This service account provides permissions for data tiering to a Google Cloud Storage bucket. Be sure to add the Connector service account as a user of the tiering service account, otherwise, you can't select it from BlueXP.
-
You can choose a specific volume tiering policy when you create or edit a volume.
-
If you disable data tiering, you can enable it on subsequent aggregates, but you'll need to turn off the system and add a service account from the Google Cloud console.
-
-
Create Volume: Enter details for the new volume or click Skip.
Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:
Field Description Size
The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it.
Access control (for NFS only)
An export policy defines the clients in the subnet that can access the volume. By default, BlueXP enters a value that provides access to all instances in the subnet.
Permissions and Users / Groups (for CIFS only)
These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user's domain using the format domain\username.
Snapshot Policy
A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server.
Advanced options (for NFS only)
Select an NFS version for the volume: either NFSv3 or NFSv4.
Initiator group and IQN (for iSCSI only)
iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices.
Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.
iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bust adapters (HBAs) and are identified by iSCSI qualified names (IQNs).
When you create an iSCSI volume, BlueXP automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.The following image shows the Volume page filled out for the CIFS protocol:
-
CIFS Setup: If you chose the CIFS protocol, set up a CIFS server.
Field Description DNS Primary and Secondary IP Address
The IP addresses of the DNS servers that provide name resolution for the CIFS server.
The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.
If you're configuring Google Managed Active Directory, AD can be accessed by default with the 169.254.169.254 IP address.Active Directory Domain to join
The FQDN of the Active Directory (AD) domain that you want the CIFS server to join.
Credentials authorized to join the domain
The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain.
CIFS server NetBIOS name
A CIFS server name that is unique in the AD domain.
Organizational Unit
The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers.
To configure Google Managed Microsoft AD as the AD server for Cloud Volumes ONTAP, enter OU=Computers,OU=Cloud in this field.
Google Cloud Documentation: Organizational Units in Google Managed Microsoft ADDNS Domain
The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain.
NTP Server
Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. Refer to the BlueXP automation docs for details.
Note that you can configure an NTP server only when creating a CIFS server. It's not configurable after you create the CIFS server. -
Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and change the volume tiering policy, if needed.
For more information, refer to Choose a volume usage profile, Data tiering overview, and KB: What Inline Storage Efficiency features are supported with CVO?
-
Review & Approve: Review and confirm your selections.
-
Review details about the configuration.
-
Click More information to review details about support and the Google Cloud resources that BlueXP will purchase.
-
Select the I understand… check boxes.
-
Click Go.
-
BlueXP deploys the Cloud Volumes ONTAP system. You can track the progress in the timeline.
If you experience any issues deploying the Cloud Volumes ONTAP system, review the failure message. You can also select the working environment and click Re-create environment.
For additional help, go to NetApp Cloud Volumes ONTAP Support.
-
If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file.
-
If you want to apply quotas to volumes, use ONTAP System Manager or the ONTAP CLI.
Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree.