Skip to main content

Install or upgrade ONTAP Mediator

Contributors netapp-sarajane netapp-aoife netapp-folivia netapp-ahibbard netapp-thomi thrisun netapp-dbagwell netapp-barbe netapp-camdenc netapp-aherbin
PDFs

To install or upgrade ONTAP Mediator, you need to meet all prerequisites, download the installation package, and run the installer on the host.

  • Beginning with ONTAP 9.8, you can use any version of ONTAP Mediator to monitor an SnapMirror active sync relationship.

  • When you configure the ONTAP Mediator with the iSCSI protocol, you can use any version of ONTAP Mediator to monitor a MetroCluster IP configuration.

  • Beginning with ONTAP 9.19.1 and ONTAP Mediator 1.12, you can configure an ONTAP Mediator that uses HTTPS for communication to monitor your MetroCluster IP configuration.

Installation and upgrade considerations

Review the following information before upgrading or installing ONTAP Mediator.

Note ONTAP Mediator 1.8 and earlier is not compatible with Red Hat Enterprise Linux (RHEL) FIPS mode and prevents it from installing successfully. You can check if FIPS mode is enabled using the fips-mode-setup --check command. You can disable FIPS mode using the fips-modesetup --disable command. Reboot after disabling FIPS mode to successfully install ONTAP Mediator 1.8 or earlier.

  • You should upgrade ONTAP Mediator to the latest version. Older versions still work with all ONTAP releases, but newer versions include security patches for third-party components.

  • When you upgrade to a new ONTAP Mediator version that includes the SCST package, the installer automatically upgrades to the recommended SCST version unless a higher version is available. For instructions on manually installing a higher SCST version, see Manage ONTAP Mediator. For supported versions, see the SCST support matrix.

Note

  • If the installation fails, you might need to upgrade to a newer version of ONTAP Mediator.

  • From June 15, 2025, you can't install or upgrade ONTAP Mediator 1.9 and 1.8 because their code signing certificates have expired. If the installation or upgrade fails, use the ONTAP Mediator 1.9.1 patch version instead.

  • If you install the yum-utils package, you can use the needs-restarting command.

  • Beginning with ONTAP Mediator 1.11, IPv6 is supported for MetroCluster IP configurations.

HTTPS and iSCSI installation options for ONTAP Mediator

  • In ONTAP Mediator, the SCST package is used to provide iSCSI for communication in MetroCluster IP configurations. The SCST package is a kernel module that is compiled during installation. Beginning with ONTAP Mediator 1.12, you can configure an ONTAP Mediator that uses HTTPS instead of iSCSI to monitor a MetroCluster IP configuration.

Caution

  • When ONTAP Mediator is configured with the HTTPS protocol in MetroCluster IP configurations, a single ONTAP Mediator instance can only monitor one MetroCluster IP configuration. Monitoring multiple MetroCluster IP configurations simultaneously is not supported.

  • If you need ONTAP Mediator configured with HTTPS to monitor multiple MetroCluster IP configurations, you must configure separate ONTAP Mediator instances for each MetroCluster IP configuration. You must carefully evaluate the requirements for your MetroCluster IP environment before you choose to configure ONTAP Mediator with HTTPS for MetroCluster IP.

  • When you install or upgrade to ONTAP Mediator 1.12 or later, you have the option to install ONTAP Mediator with iSCSI and HTTPS support, or support for HTTPS only. If you choose to install ONTAP Mediator with support for HTTPS only, the SCST package is not installed.

  • If you upgrade from ONTAP Mediator 1.11 or earlier with SCST installed, and you choose the HTTPS only option during the upgrade, the SCST package is uninstalled and the new ONTAP Mediator version does not contain the SCST package.

  • Installing ONTAP Mediator with support for HTTPS only is supported for the following use cases:

    • You plan to only use ONTAP Mediator to monitor your SnapMirror active sync clusters.

    • You plan to configure ONTAP Mediator with HTTPS to monitor a single MetroCluster IP configuration per ONTAP Mediator instance.

  • ONTAP Mediator must be installed with support for iSCSI and HTTPS in the following scenario:

    • You plan to configure ONTAP Mediator with iSCSI to monitor one or more MetroCluster IP configurations.

Host requirements

Follow these requirements when installing RHEL or Rocky Linux and configuring the associated repositories.

Note

If you modify the installation or configuration process, you might need to perform additional steps.
Linux distribution requirements

  • Install RHEL or Rocky Linux according to Red Hat's best practices. Because CentOS 8.x has reached end-of-life, compatible versions of CentOS 8.x are not recommended.

  • When installing ONTAP Mediator, ensure the system has access to the required repository so the installation program can retrieve and install all required software dependencies.

  • To enable the yum installer to find dependent software in the RHEL repositories, register the system during installation or afterwards using a valid Red Hat subscription.

    Note

    See the Red Hat Subscription Manager documentation for further information.

Firewall and networking requirements

ONTAP Mediator uses a number of ports to communicate with specific services.

  • If you are using a third-party firewall:

    • HTTPS access must be enabled.

    • It must be configured to allow access on ports 31784 and 3260.

      When using the default Red Hat or CentOS firewall, the firewall is automatically configured during Mediator installation.

  • For Linux hosts without internet access, make sure the required packages are available in a local repository.

    If you are using Link Aggregation Control Protocol (LACP) in a Linux environment, configure the kernel and set the sysctl net.ipv4.conf.all.arp_ignore to 2.

The following table lists the ports that you must allow in your firewall:

Note

  • The iSCSI port is only required in a MetroCluster IP configuration.

  • The 22/tcp port is not required for normal operation but you can enable it temporarily for maintenance and disable it when the maintenance session has finished.

Port/services

Source

Direction

Destination

Purpose

22/tcp

Management host

Inbound

ONTAP Mediator

(Optional) SSH / ONTAP Mediator management

31784/tcp

cluster-mgmt and node-mgmt LIFs

Inbound

ONTAP Mediator web server

(Required) REST API (HTTPS)

3260/tcp

node-mgmt LIFs

Inbound

ONTAP Mediator iSCSI targets

(Required for MetroCluster IP configurations) iSCSI data connection for mailboxes
Note For a SnapMirror active sync or MetroCluster IP ONTAP Mediator that uses HTTPS for communication, ONTAP doesn't require port 3260 to be enabled or connected.

OS requirements

Your OS must meet the following requirements:

  • 64-bit physical installation or virtual machine

  • 8 GB RAM

  • 1 GB disk space (used for applications installation, server logs, and the database)

  • User: Root access

The following table shows the supported OSs for each version of ONTAP Mediator.

ONTAP Mediator version

Supported Linux versions

1.12

  • Red Hat Enterprise Linux

    • Compatible: 10.1 and 9.7 1

    • Recommended: 10.2, 10.0, 9.8, 9.6, 9.4, and 8.10

  • Rocky Linux 10.2, 9.8, and 8.10

  • Oracle Linux 10.1 and 9.7

1.11

  • Red Hat Enterprise Linux

    • Compatible: 9.5 1

    • Recommended: 10.1, 10.0, 9.7, 9.6, 9.4, and 8.10

  • Rocky Linux 10.1, 9.7, and 8.10

  • Oracle Linux 10.0 and 9.6

1.10

  • Red Hat Enterprise Linux

    • Compatible: 9.5 1

    • Recommended: 10.0, 9.6, 9.4, and 8.10

  • Rocky Linux 10.0, 9.6, and 8.10

1.9.1

  • Red Hat Enterprise Linux

    • Compatible: 9.3, 9.1, 8.9, 8.7, 8.6, 8.5, and 8.4 1

    • Recommended: 9.5, 9.4, 9.2, 9.0, 8.10, and 8.8

  • Rocky Linux 9.5 and 8.10

1.9

  • Red Hat Enterprise Linux

    • Compatible: 9.3, 9.1, 8.9, 8.7, 8.6, 8.5, and 8.4 1

    • Recommended: 9.5, 9.4, 9.2, 9.0, 8.10, and 8.8

  • Rocky Linux 9.5 and 8.10

1.8

  • Red Hat Enterprise Linux:

    • Compatible: 8.7, 8.6, 8.5, and 8.4 1

    • Recommended: 9.4, 9.3, 9.2, 9.1, 9.0, 8.10, 8.9, and 8.8

  • Rocky Linux 9.4 and 8.10

1.7

  • Red Hat Enterprise Linux:

    • Compatible: 8.7, 8.6, 8.5, and 8.4 1

    • Recommended: 9.3, 9.2, 9.1, 9.0, 8.9, and 8.8

  • Rocky Linux 9.3 and 8.9

1.6

  • Red Hat Enterprise Linux:

    • Compatible: 8.7, 8.6, 8.5, and 8.4 1

    • Recommended: 9.2, 9.1, 9.0, and 8.8

  • Rocky Linux 9.2 and 8.8

1.5

  • Red Hat Enterprise Linux: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.9, 7.8, 7.7, and 7.6

  • CentOS: 7.9, 7.8, 7.7, and 7.6

1.4

  • Red Hat Enterprise Linux: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.9, 7.8, 7.7, and 7.6

  • CentOS: 7.9, 7.8, 7.7, and 7.6

1.3

  • Red Hat Enterprise Linux: 8.3, 8.2, 8.1, 8.0, 7.9, 7.8, 7.7, and 7.6

  • CentOS: 7.9, 7.8, 7.7, and 7.6

1.2

  • Red Hat Enterprise Linux: 8.1, 8.0, 7.9, 7.8, 7.7, and 7.6

  • CentOS: 7.9, 7.8, 7.7, and 7.6

  1. Compatible means that Red Hat no longer supports these RHEL versions, but ONTAP Mediator can still be installed on them.

OS required packages

The following packages are required by ONTAP Mediator:

Note The packages are either pre-installed or automatically installed by the ONTAP Mediator installer.

All RHEL/CentOS versions

Additional packages for RHEL 10.x / Rocky Linux 10

Additional packages for RHEL 9.x / Rocky Linux 9

Additional packages for RHEL 8.x / Rocky Linux 8

  • openssl

  • openssl-devel

  • kernel-devel-$ (uname -r)

  • gcc

  • make

  • libselinux-utils

  • patch

  • bzip2

  • perl-Data-Dumper

  • perl-ExtUtils-MakeMaker

  • efibootmgr

  • mokutil

  • python3.12

  • python3.12-devel

  • elfutils-libelf-devel

  • policycoreutils-python-utils

  • python3

  • python3-devel

  • elfutils-libelf-devel

  • policycoreutils-python-utils

  • redhat-lsb-core

  • python39

  • python39-devel

The Mediator installation package is a self-extracting compressed tar file that includes:

  • An RPM file containing all dependencies that cannot be obtained from the supported release's repository.

  • An install script.

A valid SSL certificate is recommended.

OS upgrade and kernel compatibility requirements

The following requirements apply when the SCST package is installed with ONTAP Mediator.

Note If you installed ONTAP Mediator 1.12 or later with support for HTTPS only, the SCST package is not installed so the kernel compatibility requirements do not apply.

  • You can update all library packages except the kernel, but you might need to reboot to apply changes in ONTAP Mediator. Schedule downtime if you need to reboot.

  • You should keep the OS kernel up to date. Upgrade the kernel core to a supported version listed in the ONTAP Mediator version matrix. You must reboot the system, so plan a maintenance window for the outage.

    • Uninstall the SCST kernel module before you reboot, and then reinstall it afterwards.

    • Prepare a supported version of SCST to reinstall before you start the kernel OS upgrade.

Note

  • The kernel version must match the operating system version.

  • Do not upgrade the kernel past the supported OS version for your ONTAP Mediator release as the tested SCST module might not work.

Install ONTAP Mediator when UEFI Secure Boot is enabled

ONTAP Mediator can be installed on a system with or without UEFI Secure Boot enabled.

About this task

  • You can choose to disable UEFI Secure Boot before installing ONTAP Mediator if it is not needed or if you are troubleshooting ONTAP Mediator installation issues. Disable the UEFI Secure Boot option from your machine settings.

  • If you installed ONTAP Mediator 1.12 or later with support for HTTPS only, the SCST package is not installed and you can skip this task.

Note

For detailed instructions on disabling UEFI Secure Boot, refer to the documentation for your host OS.

To install ONTAP Mediator with UEFI Secure Boot enabled, you must register a security key before the service can start. The key is generated during the SCST installation's compile step and saved as a private-public key pair on your machine. Use the mokutil utility to add the public key as a Machine Owner Key (MOK) to your UEFI firmware, enabling the system to trust and load the signed module. Save the mokutil passphrase in a secure location as this is required when rebooting your system to activate the MOK.

Steps

  1. Check if UEFI Secure Boot is enabled on your system:

    mokutil --sb-state

    The results indicate whether UEFI Secure Boot is enabled on this system.

    If…​

    Go to…​

    UEFI secure boot is enabled

    The step where you run the mokutil utility

    UEFI secure boot is disabled

    Upgrade the host operating system and then ONTAP Mediator
    Note

    • You are prompted to create a passphrase that you must store in a secure location. You'll need this passphrase to enable the key in the UEFI Boot Manager.

    • ONTAP Mediator 1.2.0 and earlier versions do not support this mode.

  2. If the mokutil utility is not installed, run the following command:

    yum install mokutil