Skip to main content

Create a load balancer endpoint for FabricPool

Contributors netapp-madkat netapp-perveilerk ssantho3 netapp-lhalbert
PDFs

StorageGRID uses a load balancer to manage the workload from client applications, such as FabricPool. Load balancing maximizes speed and connection capacity across multiple Storage Nodes.

When configuring StorageGRID for use with FabricPool, you must configure a load balancer endpoint and upload or generate a load balancer endpoint certificate, which is used to secure the connection between ONTAP and StorageGRID.

To use the FabricPool setup wizard to complete this task, go to Access and complete the FabricPool setup wizard.

Before you begin
Steps

  1. Select CONFIGURATION > Network > Load balancer endpoints.

  2. Select Create.

  3. For the Enter endpoint details step, complete the following fields.

    Field Description

    Name

    A descriptive name for the endpoint.

    Port

    The StorageGRID port you want to use for load balancing. This field defaults to 10433 for the first endpoint you create, but you can enter any unused external port. If you enter 80 or 443, the endpoint is configured only on Gateway Nodes. These ports are reserved on Admin Nodes.

    Note: Ports used by other grid services aren't permitted. See the Network port reference.

    You will provide this number to ONTAP when you attach StorageGRID as a FabricPool cloud tier.

    Client type

    Select S3.

    Network protocol

    Select HTTPS.

    Note: Communicating with StorageGRID without TLS encryption is supported but not recommended.

  4. For the Select binding mode step, specify the binding mode. The binding mode controls how the endpoint is accessed—using any IP address or using specific IP addresses and network interfaces.

    Option Description

    Global (default)

    Clients can access the endpoint using the IP address of any Gateway Node or Admin Node, the virtual IP (VIP) address of any HA group on any network, or a corresponding FQDN.

    Use the Global setting (default) unless you need to restrict the accessibility of this endpoint.

    Virtual IPs of HA groups

    Clients must use a virtual IP address (or corresponding FQDN) of an HA group to access this endpoint.

    Endpoints with this binding mode can all use the same port number, as long as the HA groups you select for the endpoints don't overlap.

    Node interfaces

    Clients must use the IP addresses (or corresponding FQDNs) of selected node interfaces to access this endpoint.

    Node type

    Based on the type of node you select, clients must use either the IP address (or corresponding FQDN) of any Admin Node or the IP address (or corresponding FQDN) of any Gateway Node to access this endpoint.

  5. For the Tenant access step, select one of the following:

    Field Description

    Allow all tenants (default)

    All tenant accounts can use this endpoint to access their buckets.

    Allow all tenants is almost always the appropriate option for the load balancer endpoint used for FabricPool.

    You must select this option if you have not yet created any tenant accounts.

    Allow selected tenants

    Only the selected tenant accounts can use this endpoint to access their buckets.

    Block selected tenants

    The selected tenant accounts can't use this endpoint to access their buckets. All other tenants can use this endpoint.

  6. For the Attach certificate step, select one of the following:

    Field Description

    Upload certificate (recommended)

    Use this option to upload a CA-signed server certificate, certificate private key, and optional CA bundle.

    Generate certificate

    Use this option to generate a self-signed certificate. See Configure load balancer endpoints for details of what to enter.

    Use StorageGRID S3 and Swift certificate

    This option is available only if you have already uploaded or generated a custom version of the StorageGRID global certificate. See Configure S3 and Swift API certificates for details.

  7. Select Create.

Note Changes to an endpoint certificate can take up to 15 minutes to be applied to all nodes.