Tiering data from on-premises ONTAP clusters to S3 object storage

Contributors netapp-tonacki Download PDF of this page

Free space on your on-prem ONTAP clusters by tiering inactive data to any Object Storage service which uses the Simple Storage Service (S3) protocol.

Quick start

Get started quickly by following these steps or scroll down to the remaining sections for full details.

number 1 Prepare to tier data to S3-compatible object storage

You need the following:

  • An AFF or FAS system with all-SSD aggregates that’s running ONTAP 9.4 or later, and a connection over a user-specified port to the S3-compatible object storage. Learn how to discover a cluster.

  • The FQDN, Access Key, and Secret Key for the object storage server so that Cloud Tiering can access the bucket.

  • A Connector installed on your premises.

  • Networking for the Connector that enables an outbound HTTPS connection to the ONTAP cluster, to the S3-compatible object storage, and to the Cloud Tiering service.

number 2 Set up tiering

In Cloud Manager, select an on-prem working environment, click Enable, and follow the prompts to tier data to S3-compatible object storage.


Verify support for your ONTAP cluster, set up your networking, and prepare your object storage.

The following image shows each component and the connections that you need to prepare between them:

An architecture image that shows the Cloud Tiering service with a connection to the Connector on your premises, the Connector with a connection to your ONTAP cluster, and a connection between the ONTAP cluster and object storage. Active data resides on the ONTAP cluster, while inactive data resides in object storage.

Communication between the Connector and the S3-compatible object storage server is for object storage setup only.

Preparing your ONTAP clusters

Your ONTAP clusters must meet the following requirements when tiering data to S3-compatible object storage.

Supported ONTAP platforms

Cloud Tiering supports AFF systems and all-SSD aggregates on FAS systems.

Supported ONTAP version

ONTAP 9.4 or later


A FabricPool BYOL license is required on the ONTAP cluster when tiering data to S3-compatible object storage. If you don’t currently have a FabricPool license, see how to add a tiering license now.

Cluster networking requirements
  • The ONTAP cluster initiates an HTTPS connection over a user-specified port to S3-compatible object storage (the port is configurable during tiering setup).

    ONTAP reads and writes data to and from object storage. The object storage never initiates, it just responds.

  • An inbound connection is required from the Connector, which must reside on your premises.

    A connection between the cluster and the Cloud Tiering service is not required.

  • An intercluster LIF is required on each ONTAP node that hosts the volumes you want to tier. The LIF must be associated with the IPspace that ONTAP should use to connect to object storage.

    When you set up data tiering, Cloud Tiering prompts you for the IPspace to use. You should choose the IPspace that each LIF is associated with. That might be the "Default" IPspace or a custom IPspace that you created. Learn more about LIFs and IPspaces.

Supported volumes and aggregates

The total number of volumes that Cloud Tiering can tier might be less than the number of volumes on your ONTAP system. That’s because volumes can’t be tiered from some aggregates. Refer to ONTAP documentation for functionality or features not supported by FabricPool.

Cloud Tiering supports FlexGroup volumes, starting with ONTAP 9.5. Setup works the same as any other volume.

Discovering an ONTAP cluster

You need to create an on-prem ONTAP working environment in Cloud Manager before you can start tiering cold data.

Preparing S3-compatible object storage

S3-compatible object storage must meet the following requirements.

S3 credentials

When you set up tiering to S3-compatible object storage, you’re prompted to create an S3 bucket or to select an existing S3 bucket. You need to provide Cloud Tiering with an S3 access key and secret key. Cloud Tiering uses the keys to access your bucket.

These access keys must be associated with a user who has the following permissions:


Creating or switching Connectors

A Connector is required to tier data to the cloud. When tiering data to S3-compatible object storage, a Connector must be available on your premises. You’ll either need to install a new Connector or make sure that the currently selected Connector resides on-prem.

Preparing networking for the Connector

Ensure that the Connector has the required networking connections.

  1. Ensure that the network where the Connector is installed enables the following connections:

    • An outbound internet connection to the Cloud Tiering service over port 443 (HTTPS)

    • An HTTPS connection over port 443 to S3-compatible object storage

    • An HTTPS connection over port 443 to your ONTAP clusters

Tiering inactive data from your first cluster to S3-compatible object storage

After you prepare your environment, start tiering inactive data from your first cluster.

What you’ll need
  1. Select an on-prem cluster.

  2. Click Enable for the Tiering service.

    A screenshot that shows the Setup Tiering option that appears on the right side of the screen after you select an on-prem ONTAP working environment.

  3. Choose your provider: Select S3 Compatible and click Continue.

  4. Complete the steps on the Tiering Setup page:

    1. Server: Enter the FQDN of the S3-compatible object storage server, the port that ONTAP should use for HTTPS communication with the server, and the access key and secret key for an account that has the required S3 permissions.

    2. Bucket: Add a new bucket or select an existing bucket that starts with the prefix fabric-pool and click Continue.

      The fabric-pool prefix is required because the IAM policy for the Connector enables the instance to perform S3 actions on buckets named with that exact prefix. For example, you could name the S3 bucket fabric-pool-AFF1, where AFF1 is the name of the cluster.

    3. Cluster Network: Select the IPspace that ONTAP should use to connect to object storage and click Continue.

      Selecting the correct IPspace ensures that Cloud Tiering can set up a connection from ONTAP to your S3-compatible object storage.

  5. On the Success page click Continue to set up your volumes now.

  6. On the Tier Volumes page, select the volumes that you want to configure tiering for and click Continue:

    • To select all volumes, check the box in the title row (button backup all volumes) and click Configure volumes.

    • To select multiple volumes, check the box for each volume (button backup 1 volume) and click Configure volumes.

    • To select a single volume, click the row (or edit pencil icon icon) for the volume.

      A screenshot that shows how to select a single volume, multiple volume, or all volumes, and the modify selected volumes button.

  7. In the Tiering Policy dialog, select a tiering policy, optionally adjust the cooling days for the selected volumes, and click Apply.

    A screenshot that shows the configurable tiering policy settings.


You’ve successfully set up data tiering from volumes on the cluster to S3-compatible object storage.

What’s next?

You can add additional clusters or review information about the active and inactive data on the cluster. For details, see Managing data tiering from your clusters.