Skip to main content
Cloud Manager 3.7
A newer release of this product is available.

Networking requirements for Cloud Volumes ONTAP in Azure

Contributors netapp-bcammett

Set up your Azure networking so Cloud Volumes ONTAP systems can operate properly.

Outbound internet access for Cloud Volumes ONTAP

Cloud Volumes ONTAP requires outbound internet access to send messages to NetApp AutoSupport, which proactively monitors the health of your storage.

Routing and firewall policies must allow HTTP/HTTPS traffic to the following endpoints so Cloud Volumes ONTAP can send AutoSupport messages:

  • https://support.netapp.com/aods/asupmessage

  • https://support.netapp.com/asupprod/post/1.0/postAsup

Security groups

You do not need to create security groups because Cloud Manager does that for you. If you need to use your own, refer to Security group rules.

Number of IP addresses

Cloud Manager allocates the following number of IP addresses to Cloud Volumes ONTAP in Azure:

  • Single node: 5 IP addresses

  • HA pair: 16 IP addresses

    Note that Cloud Manager creates an SVM management LIF on HA pairs, but not on single node systems in Azure.

    Tip A LIF is an IP address associated with a physical port. An SVM management LIF is required for management tools like SnapCenter.
Connection from Cloud Volumes ONTAP to Azure Blob storage for data tiering

If you want to tier cold data to Azure Blob storage, you don't need to set up a connection between the performance tier and the capacity tier as long as Cloud Manager has the required permissions. Cloud Manager enables a VNet service endpoint for you if the Cloud Manager policy has these permissions:

"Microsoft.Network/virtualNetworks/subnets/write",
"Microsoft.Network/routeTables/join/action",

These permissions are included in the latest Cloud Manager policy.

For details about setting up data tiering, see Tiering cold data to low-cost object storage.

Connections to ONTAP systems in other networks

To replicate data between a Cloud Volumes ONTAP system in Azure and ONTAP systems in other networks, you must have a VPN connection between the Azure VNet and the other network—for example, an AWS VPC or your corporate network.

For instructions, refer to Microsoft Azure Documentation: Create a Site-to-Site connection in the Azure portal.