Skip to main content

Prepare to administer your AFX storage system

Contributors dmp-netapp
PDFs

Before deploying AFX in a production environment, it’s essential to understand the administrative structure and configuration options. This ensures secure, efficient, and effective management of your AFX cluster.

Understand storage virtual machines

A storage virtual machine (SVM) is an isolated server or tenant environment within an ONTAP cluster. You can configure an SVM to serve data to the connected clients. You should be familiar with the capabilities and characteristics of the AFX SVMs.

Note One data SVM is created when you set up and initially deploy an AFX cluster. You can create additional data SVMs if needed.
Administrative control

Data SVMs can be used to establish and enforce isolation of your data and applications. This can be useful when there are many different groups with a larger organization. Administrative control can be delegated to the SVMs to establish policies related to data access, security, and protection.

Accounts and RBAC roles

There are two levels of authentication and authorization with AFX: cluster level and SVM level. In addition to the cluster accounts, every SVM has its own distinct set of users and roles. In most situations, using the cluster level accounts is adequate. But depending on your environment, you might need to configure and use the more restrictive SVM accounts and roles as well. See Additional AFX SVM administration for more information.

SVM-scoped resources

AFX resources and configurable entities are associated either with the cluster or a specific SVM. There are many resources with an SVM scope, including volumes and buckets as well as the SVM user accounts and RBAC roles.

Dedicated network interfaces

Each SVM has its own dedicated set of network interfaces. For example, separate LIFs are allocated to an SVM for management and client data access.

Two AFX administrative levels

The administrative ONTAP tasks you perform with AFX generally fall into two different categories. Some tasks apply to the ONTAP cluster as a whole, while other tasks apply to a specific SVM. This results in two-tier administrative model.

It's important to note that these levels describe how the administrative tasks are organized and assigned, and not necessarily how the associated security is configured. For example, while a cluster administrator account is needed to perform cluster level administration, it can also be used for SVM administration.

Cluster administrator

The cluster administrator has complete control of the AFX cluster including all the data SVMs. The AFX cluster administrative level includes only the tasks that a cluster admin can perform and not any of the SVM-specific administration tasks. See Administer your cluster for more information.

SVM administrator

An SVM administrator role has control of a specific data SVM and so is more restricted compared to the cluster administrator. SVM administration involves performing tasks with objects and resources that have an SVM scope, such as creating a volume. See Administer your storage VMs and data for more information.

Three administrative interfaces

Like AFF and FAS systems, AFX has three administrative interfaces. The LIF (or IP address) you need to use varies based on the administrative interface and your environment.

Note The System Manager user interface is preferred for most administrative tasks. You should use an administrator account unless otherwise indicated.
Interface Description

System Manager

This is a graphical user interface available through a web browser. It's easy to use and provides access to most of the capabilities customers need. Accessing AFX through System Manager provides the simplest experience for the majority of ONTAP cluster and SVM administration needs.

Command line interface

The ONTAP CLI is accessible using SSH. Depending on your account, you can access the cluster management LIF or SVM management LIF. The CLI is more difficult to use but is more robust. It's preferred, and sometimes required, for advanced administration tasks.

REST API

AFX includes a REST API you can use to automate the administration of your AFX cluster. The API shares many of the same calls available with the Unified ONTAP personality REST API with modifications to support the unique AFX features.

Learn to search, filter, and sort information in System Manager

The System Manager user interface includes a robust set of features enabling you to access and display the information you need. Learning to use these capabilities will help you to better administer the AFX storage system. See Search, filter, sort information in System Manager for more information.

Access the ONTAP CLI

While you can use System Manager for most AFX administration, there are some tasks you can only perform using the ONTAP command line interface.

About this task

You can access the ONTAP CLI through the secure shell (SSH). The CLI has multiple privilege levels that determine the commands and command parameters available to you. The admin level is the least privileged and the default when you sign in. You can elevate the privilege of your session to advanced if needed using the set command.

Before you begin

You'll need the following:

  • IP address or domain name of the cluster or SVM management LIF

  • Account credentials

  • SSH client on your local workstation

Steps

  1. Use SSH to connect to your AFX cluster, for example:

    ssh admin@10.69.117.24

  2. Provide the account password.

  3. Display the command directories at the top of the hierarchy:

    ?

  4. Elevate the privilege level of your session from admin to advanced:

    set -privilege advanced

Working with ONTAP HA pairs

As with Unified ONTAP, AFX cluster nodes are configured in high-availability (HA) pairs for fault tolerance and nondisruptive operations. HA pairing provides the ability for storage operations to stay online in the event of a node failure, such as a storage failover. Each node is partnered with another node to form a single pair. This is generally done using a direct connection between the two node’s NVRAM modules.

With AFX, a new HA VLAN is added to the backend cluster switches to enable NVRAM modules to stay connected between the HA partner nodes. HA pairs are still used with the AFX system, but there is no longer a need for the partner nodes to be directly connected.

AFX system deployment limitations

There are several limitations, including minimums and maximums, enforced by AFX when configuring and using your cluster. These limits fall into several different categories including:

Controller nodes per cluster

Each AFX cluster must have at least four nodes. The maximum number of nodes varies based on the ONTAP release.

Storage capacity

This is the total capacity across all the SSD disks in the cluster Storage Availability Zone (SAZ). The maximum storage capacity varies based on the ONTAP release. You should review the information available at the Interoperability Matrix Tool (IMT) to determine the capabilities of your cluster.

Confirm AFX system health

Before performing any AFX administration tasks, you should check the health of the cluster.

Tip You can check the health of your AFX cluster at any time, including when you suspect an operational or performance issue.
Before you begin

You'll need the following:

  • Cluster management IP address or FQDN

  • Administrator account for the cluster (username and password)

Steps

  1. Connect to System Manager using a browser:

    https://$FQDN_IPADDR/

    Example

    https://10.61.25.33/

  2. Provide the administrator username and password and select Sign in.

  3. Review the system dashboard and cluster status including cabling. Also notice the navigation pane on the left.

    View dashboard and cluster status

  4. Display the system events and audit log messages.

    View AFX events and audit log

  5. Display and note any Insight recommendations.

    Use Insights to optimize AFX cluster performance and security

Quick start for creating and using a data SVM

After installing and setting up the AFX cluster, you can begin performing the administration tasks typical of most AFX deployments. Here are the high-level steps needed to begin sharing data with clients.

One Display the available data SVMs

Display the list of data SVMs and determine if there's one you can use.

Two Optionally create a data SVM

Create an SVM to isolate and protect your application workloads and data if an existing SVM is not available.

Three Configure your SVM

Configure your SVM and prepare for client access.

Four Prepare to provision storage

Prepare to allocate and manage your data.