Launch Cloud Volumes ONTAP in Azure
You can launch a single node system or an HA pair in Azure by creating a Cloud Volumes ONTAP system in NetApp Console.
You need the following before you begin.
- 
A Console agent that's up and running. 
- 
An understanding of the configuration that you want to use. You should have a configuration planned, and the necessary Azure networking details from your administrator. For more information, refer to Planning your Cloud Volumes ONTAP configuration. 
- 
An understanding of what's required to set up licensing for Cloud Volumes ONTAP. 
When the Console creates a Cloud Volumes ONTAP system in Azure, it creates several Azure objects, such as a resource group, network interfaces, and storage accounts. You can review a summary of the resources at the end of the wizard.
|  | Potential for Data Loss The best practice is to use a new, dedicated resource group for each Cloud Volumes ONTAP system. Deploying Cloud Volumes ONTAP in an existing, shared resource group is not recommended due to the risk of data loss. While the Console can remove Cloud Volumes ONTAP resources from a shared resource group in case of deployment failure or deletion, an Azure user might accidentally delete Cloud Volumes ONTAP resources from a shared resource group. | 
Launch a single-node Cloud Volumes ONTAP system in Azure
If you want to launch a single-node Cloud Volumes ONTAP system in Azure, you need to create an single node system in the Console.
- 
From the left navigation menu, select Storage > Management. 
- 
On the Systems page, click Add System and follow the prompts. 
- 
Choose a Location: Select Microsoft Azure and Cloud Volumes ONTAP Single Node. 
- 
If you're prompted, create a Console agent. 
- 
Details and Credentials: Optionally change the Azure credentials and subscription, specify a cluster name, add tags if needed, and then specify credentials. The following table describes fields for which you might need guidance: Field Description System Name The Console uses the system name to name both the Cloud Volumes ONTAP system and the Azure virtual machine. It also uses the name as the prefix for the predefined security group, if you select that option. Resource Group Tags Tags are metadata for your Azure resources. When you enter tags in this field, the Console adds them to the resource group associated with the Cloud Volumes ONTAP system. 
 
 You can add up to four tags from the user interface when creating a system, and then you can add more after it's created. Note that the API does not limit you to four tags when creating a system.
 
 For information about tags, refer to the Microsoft Azure Documentation: Using tags to organize your Azure resources.User name and password These are the credentials for the Cloud Volumes ONTAP cluster administrator account. You can use these credentials to connect to Cloud Volumes ONTAP through ONTAP System Manager or the ONTAP CLI. Keep the default admin user name or change it to a custom user name. Edit Credentials You can choose different Azure credentials and a different Azure subscription to use with this Cloud Volumes ONTAP system. You need to associate an Azure Marketplace subscription with the selected Azure subscription in order to deploy a pay-as-you-go Cloud Volumes ONTAP system. Learn how to add credentials. 
- 
Services: Enable or disable the individual services that you want to or don't want to use with Cloud Volumes ONTAP. 
- 
Learn more about NetApp Backup and Recovery If you would like to utilize WORM and data tiering, you must disable Backup and Recovery and deploy a Cloud Volumes ONTAP system with version 9.8 or above. 
 
- 
Location: Select a region, availability zone, VNet, and subnet, and then select the checkbox to confirm network connectivity between the Console agent and the target location. For China regions, single node deployments are supported only in Cloud Volumes ONTAP 9.12.1 GA and 9.13.0 GA. You can upgrade these versions to later patches and releases of Cloud Volumes ONTAP as supported in Azure. If you want to deploy later Cloud Volumes ONTAP versions in China regions, contact NetApp Support. Only licenses purchased directly from NetApp are supported in China regions, marketplace subscriptions are not available. 
- 
Connectivity: Choose a new or existing resource group and then choose whether to use the predefined security group or to use your own. The following table describes fields for which you might need guidance: Field Description Resource Group Create a new resource group for Cloud Volumes ONTAP or use an existing resource group. The best practice is to use a new, dedicated resource group for Cloud Volumes ONTAP. While it is possible to deploy Cloud Volumes ONTAP in an existing, shared resource group, it's not recommended due to the risk of data loss. See the warning above for more details. If the Azure account that you're using has the required permissions, the Console removes Cloud Volumes ONTAP resources from a resource group, in case of deployment failure or deletion. Generated security group If you let the Console generate the security group for you, you need to choose how you'll allow traffic: - 
If you choose Selected VNet only, the source for inbound traffic is the subnet range of the selected VNet and the subnet range of the VNet where the Console agent resides. This is the recommended option. 
- 
If you choose All VNets, the source for inbound traffic is the 0.0.0.0/0 IP range. 
 Use existing If you choose an existing security group, then it must meet Cloud Volumes ONTAP requirements. View the default security group. 
- 
- 
Charging Methods and NSS Account: Specify which charging option would you like to use with this system, and then specify a NetApp Support Site account. 
- 
Preconfigured Packages: Select one of the packages to quickly deploy a Cloud Volumes ONTAP system, or click Create my own configuration. If you choose one of the packages, you only need to specify a volume and then review and approve the configuration. 
- 
Licensing: Change the Cloud Volumes ONTAP version if required, and select a virtual machine type. If a newer Release Candidate, General Availability, or patch release is available for the selected version, then BlueXP updates the system to that version when creating the working environment. For example, the update occurs if you select Cloud Volumes ONTAP 9.16.1 P3 and 9.16.1 P4 is available. The update does not occur from one release to another—for example, from 9.15 to 9.16. 
- 
Subscribe from the Azure Marketplace: You see this page if the Console could not enable programmatic deployments of Cloud Volumes ONTAP. Follow the steps listed on the screen. refer to Programmatic deployment of Marketplace products for more information. 
- 
Underlying Storage Resources: Choose settings for the initial aggregate: a disk type, a size for each disk, and whether data tiering to Blob storage should be enabled. Note the following: - 
If the public access to your storage account is disabled within the VNet, you cannot enable data tiering in your Cloud Volumes ONTAP system. For information, refer to Security group rules. 
- 
The disk type is for the initial volume. You can choose a different disk type for subsequent volumes. 
- 
The disk size is for all disks in the initial aggregate and for any additional aggregates that the Console creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option. For help choosing a disk type and size, refer to Sizing your system in Azure. 
- 
You can choose a specific volume tiering policy when you create or edit a volume. 
- 
If you disable data tiering, you can enable it on subsequent aggregates. 
 
- 
- 
Write Speed & WORM: - 
Choose Normal or High write speed, if desired. 
- 
Activate write once, read many (WORM) storage, if desired. This option is only available for certain VM types. To find out which VM types are supported, refer to Supported configurations by license for HA pairs. WORM can't be enabled if data tiering was enabled for Cloud Volumes ONTAP versions 9.7 and below. Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering. 
- 
If you activate WORM storage, select the retention period. 
 
- 
- 
Create Volume: Enter details for the new volume or click Skip. Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance: Field Description Size The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it. Access control (for NFS only) An export policy defines the clients in the subnet that can access the volume. By default, the Console enters a value that provides access to all instances in the subnet. Permissions and Users / Groups (for CIFS only) These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user's domain using the format domain\username. Snapshot Policy A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server. Advanced options (for NFS only) Select an NFS version for the volume: either NFSv3 or NFSv4. Initiator group and IQN (for iSCSI only) iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices. 
 
 Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.
 
 iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bust adapters (HBAs) and are identified by iSCSI qualified names (IQNs).
 
 When you create an iSCSI volume, the Console automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.The following image shows the first page of the volume creation wizard:  
- 
CIFS Setup: If you chose the CIFS protocol, set up a CIFS server. Field Description DNS Primary and Secondary IP Address The IP addresses of the DNS servers that provide name resolution for the CIFS server. 
 The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.Active Directory Domain to join The FQDN of the Active Directory (AD) domain that you want the CIFS server to join. Credentials authorized to join the domain The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain. CIFS server NetBIOS name A CIFS server name that is unique in the AD domain. Organizational Unit The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers. 
 
 To configure Azure AD Domain Services as the AD server for Cloud Volumes ONTAP, you should enter OU=AADDC Computers or OU=AADDC Users in this field.
 Azure Documentation: Create an Organizational Unit (OU) in an Azure AD Domain Services managed domainDNS Domain The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain. NTP Server Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. Refer to the NetApp Console automation docs for details. 
 
 Note that you can configure an NTP server only when creating a CIFS server. It's not configurable after you create the CIFS server.
- 
Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and change the volume tiering policy, if needed. For more information, refer to Understanding volume usage profiles and Data tiering overview. 
- 
Review & Approve: Review and confirm your selections. - 
Review details about the configuration. 
- 
Click More information to review details about support and the Azure resources that the Console will purchase. 
- 
Select the I understand… check boxes. 
- 
Click Go. 
 
- 
The Console deploys the Cloud Volumes ONTAP system. You can track the progress on the Audit page.
If you experience any issues deploying the Cloud Volumes ONTAP system, review the failure message. You can also select the system and click Re-create environment.
For additional help, go to NetApp Cloud Volumes ONTAP Support.
|  | After the deployment process completes, do not modify the system-generated Cloud Volumes ONTAP configurations in the Azure portal, especially the system tags. Any changes made to these configurations may lead to unexpected behavior or data loss. | 
- 
If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file. 
- 
If you want to apply quotas to volumes, use ONTAP System Manager or the ONTAP CLI. Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree. 
Launch a Cloud Volumes ONTAP HA pair in Azure
If you want to launch a Cloud Volumes ONTAP HA pair in Azure, you need to create an HA system in the Console.
- 
From the left navigation menu, select Storage > Management. 
- 
On the Systems page, click Add System and follow the prompts. 
- 
If you're prompted, create a Console agent. 
- 
Details and Credentials: Optionally change the Azure credentials and subscription, specify a cluster name, add tags if needed, and then specify credentials. The following table describes fields for which you might need guidance: Field Description System Name The Console uses the system name to name both the Cloud Volumes ONTAP system and the Azure virtual machine. It also uses the name as the prefix for the predefined security group, if you select that option. Resource Group Tags Tags are metadata for your Azure resources. When you enter tags in this field, the Console adds them to the resource group associated with the Cloud Volumes ONTAP system. 
 
 You can add up to four tags from the user interface when creating a system, and then you can add more after it's created. Note that the API does not limit you to four tags when creating a system.
 
 For information about tags, refer to the Microsoft Azure Documentation: Using tags to organize your Azure resources.User name and password These are the credentials for the Cloud Volumes ONTAP cluster administrator account. You can use these credentials to connect to Cloud Volumes ONTAP through ONTAP System Manager or the ONTAP CLI. Keep the default admin user name or change it to a custom user name. Edit Credentials You can choose different Azure credentials and a different Azure subscription to use with this Cloud Volumes ONTAP system. You need to associate an Azure Marketplace subscription with the selected Azure subscription in order to deploy a pay-as-you-go Cloud Volumes ONTAP system. Learn how to add credentials. 
- 
Services: Enable or disable the individual services based on whether you want to use them with Cloud Volumes ONTAP. 
- 
Learn more about NetApp Backup and Recovery If you would like to utilize WORM and data tiering, you must disable Backup and Recovery and deploy a Cloud Volumes ONTAP system with version 9.8 or above. 
 
- 
HA Deployment Models: - 
Select Single Availability Zone or Multiple Availability Zone. - 
For single availability zones, select an Azure region, availability zone, VNet, and subnet. Beginning with Cloud Volumes ONTAP 9.15.1, you can deploy virtual machine (VM) instances in HA mode in single availability zones (AZs) in Azure. You need to select a zone and a region that support this deployment. If the zone or the region does not support zonal deployment, then the previous non-zonal deployment mode for LRS is followed. For understanding the supported configurations for shared managed disks, refer to HA single availability zone configuration with shared managed disks. 
- 
For multiple availability zones, select a region, VNet, subnet, zone for node 1, and zone for node 2. 
 
- 
- 
Select the I have verified network connectivity… check box. 
 
- 
- 
Connectivity: Choose a new or existing resource group and then choose whether to use the predefined security group or to use your own. The following table describes fields for which you might need guidance: Field Description Resource Group Create a new resource group for Cloud Volumes ONTAP or use an existing resource group. The best practice is to use a new, dedicated resource group for Cloud Volumes ONTAP. While it is possible to deploy Cloud Volumes ONTAP in an existing, shared resource group, it's not recommended due to the risk of data loss. See the warning above for more details. You must use a dedicated resource group for each Cloud Volumes ONTAP HA pair that you deploy in Azure. Only one HA pair is supported in a resource group. The Console experiences connection issues if you try to deploy a second Cloud Volumes ONTAP HA pair in an Azure resource group. If the Azure account that you're using has the required permissions, the Console removes Cloud Volumes ONTAP resources from a resource group, in case of deployment failure or deletion. Generated security group If you let the Console generate the security group for you, you need to choose how you'll allow traffic: - 
If you choose Selected VNet only, the source for inbound traffic is the subnet range of the selected VNet and the subnet range of the VNet where the Console agent resides. This is the recommended option. 
- 
If you choose All VNets, the source for inbound traffic is the 0.0.0.0/0 IP range. 
 Use existing If you choose an existing security group, then it must meet Cloud Volumes ONTAP requirements. View the default security group. 
- 
- 
Charging Methods and NSS Account: Specify which charging option would you like to use with this system, and then specify a NetApp Support Site account. 
- 
Preconfigured Packages: Select one of the packages to quickly deploy a Cloud Volumes ONTAP system, or click Change configuration. If you choose one of the packages, you only need to specify a volume and then review and approve the configuration. 
- 
Licensing: Change the Cloud Volumes ONTAP version as needed and select a virtual machine type. If a newer Release Candidate, General Availability, or patch release is available for the selected version, then the Console updates the system to that version when creating it. For example, the update occurs if you select Cloud Volumes ONTAP 9.13.1 and 9.13.1 P4 is available. The update does not occur from one release to another— for example, from 9.13 to 9.14. 
- 
Subscribe from the Azure Marketplace: Follow the steps if the Console could not enable programmatic deployments of Cloud Volumes ONTAP. 
- 
Underlying Storage Resources: Choose settings for the initial aggregate: a disk type, a size for each disk, and whether data tiering to Blob storage should be enabled. Note the following: - 
The disk size is for all disks in the initial aggregate and for any additional aggregates that the Console creates when you use the simple provisioning option. You can create aggregates that use a different disk size by using the advanced allocation option. For help choosing a disk size, refer to Size your system in Azure. 
- 
If the public access to your storage account is disabled within the VNet, you cannot enable data tiering in your Cloud Volumes ONTAP system. For information, refer to Security group rules. 
- 
You can choose a specific volume tiering policy when you create or edit a volume. 
- 
If you disable data tiering, you can enable it on subsequent aggregates. 
- 
Starting with Cloud Volumes ONTAP 9.15.0P1, Azure page blobs are no longer supported for new high-availability pair deployments. If you currently use Azure page blobs in existing high-availability pair deployments, you can migrate to newer VM instance types in the Edsv4-series VMs and Edsv5-series VMs. 
 
- 
- 
Write Speed & WORM: - 
Choose Normal or High write speed, if desired. 
- 
Activate write once, read many (WORM) storage, if desired. This option is only available for certain VM types. To find out which VM types are supported, refer to Supported configurations by license for HA pairs. WORM can't be enabled if data tiering was enabled for Cloud Volumes ONTAP versions 9.7 and below. Reverting or downgrading to Cloud Volumes ONTAP 9.8 is blocked after enabling WORM and tiering. 
- 
If you activate WORM storage, select the retention period. 
 
- 
- 
Secure Communication to Storage & WORM: Choose whether to enable an HTTPS connection to Azure storage accounts, and activate write once, read many (WORM) storage, if desired. The HTTPS connection is from a Cloud Volumes ONTAP 9.7 HA pair to Azure page blob storage accounts. Note that enabling this option can impact write performance. You can't change the setting after you create the system. WORM can't be enabled if data tiering was enabled. 
- 
Create Volume: Enter details for the new volume or click Skip. Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance: Field Description Size The maximum size that you can enter largely depends on whether you enable thin provisioning, which enables you to create a volume that is bigger than the physical storage currently available to it. Access control (for NFS only) An export policy defines the clients in the subnet that can access the volume. By default, the Console enters a value that provides access to all instances in the subnet. Permissions and Users / Groups (for CIFS only) These fields enable you to control the level of access to a share for users and groups (also called access control lists or ACLs). You can specify local or domain Windows users or groups, or UNIX users or groups. If you specify a domain Windows user name, you must include the user's domain using the format domain\username. Snapshot Policy A Snapshot copy policy specifies the frequency and number of automatically created NetApp Snapshot copies. A NetApp Snapshot copy is a point-in-time file system image that has no performance impact and requires minimal storage. You can choose the default policy or none. You might choose none for transient data: for example, tempdb for Microsoft SQL Server. Advanced options (for NFS only) Select an NFS version for the volume: either NFSv3 or NFSv4. Initiator group and IQN (for iSCSI only) iSCSI storage targets are called LUNs (logical units) and are presented to hosts as standard block devices. 
 
 Initiator groups are tables of iSCSI host node names and control which initiators have access to which LUNs.
 
 iSCSI targets connect to the network through standard Ethernet network adapters (NICs), TCP offload engine (TOE) cards with software initiators, converged network adapters (CNAs) or dedicated host bust adapters (HBAs) and are identified by iSCSI qualified names (IQNs).
 
 When you create an iSCSI volume, the Console automatically creates a LUN for you. We’ve made it simple by creating just one LUN per volume, so there’s no management involved. After you create the volume, use the IQN to connect to the LUN from your hosts.The following image shows the first page of the volume creation wizard:  
- 
CIFS Setup: If you chose the CIFS protocol, set up a CIFS server. Field Description DNS Primary and Secondary IP Address The IP addresses of the DNS servers that provide name resolution for the CIFS server. 
 The listed DNS servers must contain the service location records (SRV) needed to locate the Active Directory LDAP servers and domain controllers for the domain that the CIFS server will join.Active Directory Domain to join The FQDN of the Active Directory (AD) domain that you want the CIFS server to join. Credentials authorized to join the domain The name and password of a Windows account with sufficient privileges to add computers to the specified Organizational Unit (OU) within the AD domain. CIFS server NetBIOS name A CIFS server name that is unique in the AD domain. Organizational Unit The organizational unit within the AD domain to associate with the CIFS server. The default is CN=Computers. 
 
 To configure Azure AD Domain Services as the AD server for Cloud Volumes ONTAP, you should enter OU=AADDC Computers or OU=AADDC Users in this field.
 Azure Documentation: Create an Organizational Unit (OU) in an Azure AD Domain Services managed domainDNS Domain The DNS domain for the Cloud Volumes ONTAP storage virtual machine (SVM). In most cases, the domain is the same as the AD domain. NTP Server Select Use Active Directory Domain to configure an NTP server using the Active Directory DNS. If you need to configure an NTP server using a different address, then you should use the API. Refer to the NetApp Console automation docs for details. 
 
 Note that you can configure an NTP server only when creating a CIFS server. It's not configurable after you create the CIFS server.
- 
Usage Profile, Disk Type, and Tiering Policy: Choose whether you want to enable storage efficiency features and change the volume tiering policy, if needed. For more information, refer to Choose a volume usage profile, Data tiering overview, and KB: What Inline Storage Efficiency features are supported with CVO? 
- 
Review & Approve: Review and confirm your selections. - 
Review details about the configuration. 
- 
Click More information to review details about support and the Azure resources that the Console will purchase. 
- 
Select the I understand… check boxes. 
- 
Click Go. 
 
- 
The Console deploys the Cloud Volumes ONTAP system. You can track the progress on the Audit page.
If you experience any issues deploying the Cloud Volumes ONTAP system, review the failure message. You can also select the system and click Re-create environment.
For additional help, go to NetApp Cloud Volumes ONTAP Support.
- 
If you provisioned a CIFS share, give users or groups permissions to the files and folders and verify that those users can access the share and create a file. 
- 
If you want to apply quotas to volumes, use ONTAP System Manager or the ONTAP CLI. Quotas enable you to restrict or track the disk space and number of files used by a user, group, or qtree. 
|  | After the deployment process completes, do not modify the system-generated Cloud Volumes ONTAP configurations in the Azure portal, especially the system tags. Any changes made to these configurations may lead to unexpected behavior or data loss. | 
 PDFs
PDFs