Important changes in Cloud Manager
This page highlights important changes in Cloud Manager that can help you use the service as we introduce new enhancements. You should continue to read the What's new page to learn about all new features and enhancements.
SaaS changes
We have introduced a software-as-a-service experience for Cloud Manager. This new experience makes it easier for you to use Cloud Manager and enables us to provide additional features to manage your hybrid cloud infrastructure.
Machine type changes
To ensure that adequate resources are available for new and upcoming features in Cloud Manager, we've changed the minimum required instance, VM, and machine type as follows:
-
AWS: t3.xlarge
-
Azure: DS3 v2
-
GCP: n1-standard-4
When you upgrade the machine type, you'll get access to features like a new Kubernetes experience, Global File Cache, Monitoring, and more.
These default sizes are the minimum supported based on CPU and RAM requirements.
Cloud Manager will prompt you with instructions to change the machine type of the Connector.
Account settings
We introduced Cloud Central accounts to provide multi-tenancy, to help you organize users and resources in isolated workspaces, and to manage access to Connectors and subscriptions.
New permissions
Cloud Manager occasionally requires additional cloud provider permissions as we introduce new features and enhancements. This section identifies new permissions that are now required.
You can find the latest list of permissions on the Cloud Manager policies page.
AWS
Starting with the 3.8.1 release, the following permissions are required to use Backup to Cloud with Cloud Volumes ONTAP. Learn more.
{
"Sid": "backupPolicy",
"Effect": "Allow",
"Action": [
"s3:DeleteBucket",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration",
"s3:PutBucketTagging",
"s3:ListBucketVersions",
"s3:GetObject",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging",
"s3:GetBucketLocation",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:PutBucketPublicAccessBlock"
],
"Resource": [
"arn:aws:s3:::netapp-backup-*"
]
},
Azure
-
To avoid Azure deployment failures, make sure that your Cloud Manager policy in Azure includes the following permission:
"Microsoft.Resources/deployments/operationStatuses/read"
-
Starting with the 3.8.7 release, the following permission is required to encrypt Azure managed disks on single node Cloud Volumes ONTAP systems using external keys from another account. Learn more.
"Microsoft.Compute/diskEncryptionSets/read"
-
The following permissions are required to enable Global File Cache on Cloud Volumes ONTAP. Learn more.
"Microsoft.Resources/deployments/operationStatuses/read", "Microsoft.Insights/Metrics/Read", "Microsoft.Compute/virtualMachines/extensions/write", "Microsoft.Compute/virtualMachines/extensions/read", "Microsoft.Compute/virtualMachines/extensions/delete", "Microsoft.Compute/virtualMachines/delete", "Microsoft.Network/networkInterfaces/delete", "Microsoft.Network/networkSecurityGroups/delete", "Microsoft.Resources/deployments/delete",
GCP
New permissions for Kubernetes management
Starting with the 3.8.8 release, the service account for a Connector requires the following permissions to discover and manage Kubernetes clusters running in Google Kubernetes Engine (GKE):
- container.*
New permissions for data tiering
Starting with the 3.8 release, the following permissions are required to use a service account for data tiering. Learn more.
- storage.buckets.update
- compute.instances.setServiceAccount
- iam.serviceAccounts.getIamPolicy
- iam.serviceAccounts.list
New endpoints
The Connector requires outbound internet access to manage resources and processes within your public cloud environment. This section identifies new endpoints that are now required.
You can find the full list of endpoints accessed from your web browser here and the full list of endpoints accessed by the Connector here.
-
Users need to access Cloud Manager from a web browser by contacting the following endpoint:
https://cloudmanager.netapp.com
-
Connectors require access to the following endpoint to obtain software images of container components for a Docker infrastructure:
https://cloudmanagerinfraprod.azurecr.io
Ensure that your firewall enables access to this endpoint from the Connector.