This documentation is for a previous release of Cloud Manager.
Go to the docs for the latest release.

Getting started with ONTAP Cloud in Azure

Contributors netapp-bcammett

Getting started with ONTAP Cloud includes preparing your Azure environment, launching the OnCommand Cloud Manager software from NetApp Cloud Central, and then launching ONTAP Cloud systems using Cloud Manager.

Verifying your networking

You must choose the Azure VNet and subnets in which you want to deploy Cloud Manager and ONTAP Cloud. At a minimum, your networking must meet the following requirements:

  • Outbound internet access

    The target VNet must have one or more subnets that have outbound internet access so Cloud Manager and ONTAP Cloud can contact several endpoints. To review the list of endpoints, see Azure networking requirements.

  • Connections between networks

For additional networking information, see Azure networking requirements.

Granting Azure permissions to Cloud Manager

Cloud Manager needs permissions to perform actions in Azure. You must grant the required permissions by creating and setting up a service principal in Azure Active Directory and by obtaining the Azure credentials that Cloud Manager needs.

About this task

The following image depicts how Cloud Manager obtains permissions to perform operations in Azure. A service principal object, which is tied to one or more Azure subscriptions, represents Cloud Manager in Azure Active Directory and is assigned to a custom role that allows the required permissions.

Conceptual image that shows Cloud Manager obtaining authentication and authorization from Azure Active Directory before it can make an API call. In Active Directory, the Cloud Manager Operator role defines permissions. It is tied to one or more Azure subscriptions and a service principal object that represents the Cloud Manger application.

Note The following steps use the new Azure portal. If you experience any issues, you should use the Azure classic portal.

Creating a custom role with the required Cloud Manager permissions

A custom role is required to provide Cloud Manager with the permissions that it needs to launch and manage ONTAP Cloud in Azure.

  1. Download the Cloud Manager Azure policy.

  2. Modify the JSON file by adding Azure subscription IDs to the assignable scope.

    You should add the ID for each Azure subscription from which users will create ONTAP Cloud systems.


    "AssignableScopes": [

  3. Use the JSON file to create a custom role in Azure.

    The following example shows how to create a custom role using the Azure CLI 2.0:

    az role definition create --role-definition C:\Policy_for_Cloud_Manager_Azure_3_4_5.json


You should now have a custom role called OnCommand Cloud Manager Operator.

Creating an Active Directory service principal

You must create an Active Directory service principal so Cloud Manager can authenticate with Azure Active Directory.

Before you begin

You must have the appropriate permissions in Azure to create an Active Directory application and to assign the application to a role. For details, refer to Microsoft Azure Documentation: Use portal to create Active Directory application and service principal that can access resources

  1. From the Azure portal, open the Azure Active Directory service.

    Shows the Active Directory service in Microsoft Azure.

  2. In the menu, click App registrations.

  3. Create the service principal:

    1. Click New application registration.

    2. Enter a name for the application, keep Web app / API selected, and then enter any URL—for example, http://url

    3. Click Create.

  4. Modify the application to add the required permissions:

    1. Select the created application.

    2. Under Settings, click Required permissions and then click Add.

      Shows the settings for an Active Directory application in Microsoft Azure and highlights the option to add required permissions for API access.

    3. Click Select an API, select Windows Azure Service Management API, and then click Select.

      Shows the API to select in Microsoft Azure when adding API access to the Active Directory application. The API is the Windows Azure Service Management API.

    4. Click Access Azure Service Management as organization users, click Select and then click Done.

  5. Create a key for the service principal:

    1. Under Settings, click Keys.

    2. Enter a description, select a duration, and then click Save.

    3. Copy the key value.

      You need to enter the key value in Cloud Manager when you create user accounts for this subscription.

    4. Click Properties and then copy the application ID for the service principal.

      Similar to the key value, you need to enter the application ID in Cloud Manager when you create user accounts for this subscription.

      Shows the application ID for an Azure Active Directory service principal.

  6. Obtain the Active Directory tenant ID for your organization:

    1. In the Active Directory menu, click Properties.

    2. Copy the Directory ID.

      Shows the Active Directory properties in the Azure portal and the Directory ID that you need to copy.

      Just like the application ID and application key, you must enter the Active Directory tenant ID when you create Cloud Manager user accounts.


You should now have an Active Directory service principal and you should have copied the application ID, the application key, and the Active Directory tenant ID. You need to enter this information in Cloud Manager when you set up user accounts.

Assigning the Cloud Manager Operator role to the service principal

You must bind the service principal to one or more Azure subscriptions and assign it the Cloud Manager Operator role so Cloud Manager has permissions in Azure.

About this task

If you want to deploy ONTAP Cloud from multiple Azure subscriptions, then you must bind the service principal to each of those subscriptions. Cloud Manager enables you to select the subscription that you want to use when deploying ONTAP Cloud.

  1. From the Azure portal, select Subscriptions in the left pane.

  2. Select the subscription.

  3. Click Access control (IAM) and then click Add.

  4. Select the OnCommand Cloud Manager Operator role.

  5. Search for the name of the application (you cannot find it in the list by scrolling).

  6. Select the application, click Select, and then click OK.


The service principal for Cloud Manager now has the required Azure permissions.

Installing and setting up Cloud Manager in Azure

You need to install and set up Cloud Manager so you can use it to launch ONTAP Cloud in Azure.

  1. Go to NetApp Cloud Central and sign up or log in.

  2. Under ONTAP Cloud, click Start Free Trial.

  3. Select Microsoft Azure to deploy Cloud Manager from the Azure Marketplace.

  4. Click Get it now and then click Continue.

  5. From the Azure portal, click Create and follow the steps to configure the virtual machine.

    Note the following as you configure the virtual machine:

    • Cloud Manager can perform optimally with either HDD or SSD disks.

    • You should choose one of the recommended virtual machine sizes: A2 or D2_v2.

    • For the network security group, it is best to choose Advanced. The Advanced option creates a new security group that includes the required inbound rules for Cloud Manager. If you choose Basic, refer to Security group rules for the list of required rules.

  6. Review your selections and click OK.


    Screen shot: Shows an example of the settings when deploying OnCommand Cloud Manager in Microsoft Azure.

  7. Click Purchase.

    Azure launches the virtual machine with the specified settings. The virtual machine and Cloud Manager software should be running in approximately five minutes.

  8. Open a web browser from a host that has a connection to the Cloud Manager virtual machine and enter the following URL:


    When you log in, Cloud Manager automatically adds your user account as the administrator for this system.

  9. After you log in, enter a name for the Cloud Manager system.


Cloud Manager is now installed and set up so users can deploy ONTAP Cloud in Azure.

Deploying ONTAP Cloud in Azure

You can deploy ONTAP Cloud in Azure to provide enterprise-class features for your cloud storage.

  1. On the Working Environments page in Cloud Manager, click Create.

  2. Under Create, select ONTAP Cloud for Azure.

  3. Complete the steps in the wizard to launch the system.

    Note the following as you complete the wizard:

    • The predefined network security group includes the rules that ONTAP Cloud needs to operate successfully. If you need to use your own, refer to Security group rules.

    • The underlying Azure disk type is for the initial ONTAP Cloud volume. You can choose a different disk type for subsequent volumes.

    • The performance of Azure Premium Storage is tied to the disk size. Larger disks provide higher IOPS and throughput.

    • The disk size is the default size for all disks on the system.

      Tip If you need a different size later, you can use the Advanced allocation option to create an aggregate that uses disks of a specific size.

      The following video shows how to deploy ONTAP Cloud in Azure.


Cloud Manager deploys the ONTAP Cloud system. You can track the progress in the timeline.