Skip to main content

Configure access to ONTAP web services

Contributors netapp-aaron-holt netapp-bhouser netapp-barbe netapp-aherbin
PDFs

Configuring access to web services allows authorized users to use HTTP or HTTPS to access the service content on the cluster or a storage virtual machine (SVM).

Steps

  1. If a firewall is enabled, ensure that HTTP or HTTPS access is set up in the firewall policy for the LIF that will be used for web services:

    Note

    You can check whether a firewall is enabled by using the system services firewall show command.

    1. To verify that HTTP or HTTPS is set up in the firewall policy, use the system services firewall policy show command.

      You set the -service parameter of the system services firewall policy create command to http or https to enable the policy to support web access.

    2. To verify that the firewall policy supporting HTTP or HTTPS is associated with the LIF that provides web services, use the network interface show command with the -firewall-policy parameter.

      Learn more about network interface show in the ONTAP command reference.

      You use the network interface modify command with the -firewall-policy parameter to put the firewall policy into effect for a LIF.

      Learn more about network interface modify in the ONTAP command reference.

  2. To configure the cluster-level web protocol engine and make web service content accessible, use the system services web modify command.

  3. If you plan to use secure web services (HTTPS), enable SSL and provide digital certificate information for the cluster or SVM by using the security ssl modify command.

    Learn more about security ssl modify in the ONTAP command reference.

  4. To enable a web service for the cluster or SVM, use the vserver services web modify command.

    You must repeat this step for each service that you want to enable for the cluster or SVM.

  5. To authorize a role to access web services on the cluster or SVM, use the vserver services web access create command.

    The role that you grant access must already exist. You can display existing roles by using the security login role show command or create new roles by using the security login role create command.

    Learn more about security login role show and security login role create in the ONTAP command reference.

  6. For a role that has been authorized to access a web service, ensure that its users are also configured with the correct access method by checking the output of the security login show command.

    To access the ONTAP API web service (ontapi), a user must be configured with the ontapi access method. To access all other web services, a user must be configured with the http access method.

    Learn more about security login show in the ONTAP command reference.

    Note

    You use the security login create command to add an access method for a user. Learn more about security login create in the ONTAP command reference.