简体中文版经机器翻译而成,仅供参考。如与英语版出现任何冲突,应以英语版为准。
准备配置ONTAP Cloud Mediator
贡献者
建议更改
PDF
在你之前"配置ONTAP Cloud Mediator" ,您必须确保满足先决条件。
防火墙要求
域控制器上的防火墙设置必须允许 HTTPS 流量 `api.bluexp.netapp.com`来自两个集群。
代理服务器要求
如果您使用代理服务器进行SnapMirror主动同步,请确保已创建代理服务器并且您具有以下代理服务器信息:
-
HTTPS代理IP
-
Port
-
Username
-
Password
延迟
NetApp控制台云服务器和SnapMirror主动同步集群对等点之间的建议 ping 延迟小于 200 毫秒。
根 CA 证书
检查集群的证书
ONTAP预装了知名的根 CA 证书,因此在大多数情况下,您不需要安装NetApp控制台服务器的根 CA 证书。在开始ONTAP Cloud Mediator 配置之前,您可以检查集群以验证证书是否存在:
示例
C1_cluster% openssl s_client -showcerts -connect api.bluexp.netapp.com:443 -servername api.bluexp.netapp.com | egrep "s:|i:"
depth=4 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=4 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
verify return:1
depth=3 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
verify return:1
depth=2 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46
verify return:1
depth=1 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
verify return:1
depth=0 C=US, ST=California, O=NetApp, Inc., CN=cloud.netapp.com
verify return:1
0 s:C=US, ST=California, O=NetApp, Inc., CN=cloud.netapp.com
i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
1 s:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46
2 s:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46
i:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
3 s:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
4 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
C1_cluster::> security certificate show -common-name Sectigo*|USERTrust*|AAA*
Vserver Serial Number Certificate Name Type
---------- --------------- -------------------------------------- ------------
C1_sti245-vsim-ocvs024k_1775534714 42F2CCDA1B6937445F15FE752810B8F4 SectigoPublicServerAuthenticationRootE46 server-ca
Certificate Authority: Sectigo Public Server Authentication Root E46
Expiration Date: Wed Mar 21 19:59:59 2046
C1_sti245-vsim-ocvs024k_1775534714 758DFD8BAE7C0700FAA925A7E1C7AD14 SectigoPublicServerAuthenticationRootR46 server-ca
Certificate Authority: Sectigo Public Server Authentication Root R46
Expiration Date: Wed Mar 21 19:59:59 2046
C1_sti245-vsim-ocvs024k_1775534714 5C8B99C55A94C5D27156DECD8980CC26 USERTrustECCCertificationAuthority server-ca
Certificate Authority: USERTrust ECC Certification Authority
Expiration Date: Mon Jan 18 18:59:59 2038
C1_sti245-vsim-ocvs024k_1775534714 01FD6D30FCA3CA51A81BBC640E35032D USERTrustRSACertificationAuthority server-ca
Certificate Authority: USERTrust RSA Certification Authority
Expiration Date: Mon Jan 18 18:59:59 2038
检查代理服务器是否安装了证书
如果您使用代理连接到NetApp控制台中的ONTAP Cloud Mediator 服务,请确保代理服务器的根 CA 证书已安装在ONTAP中:
示例
C1_cluster% openssl s_client -showcerts -proxy <ip:port> -connect api.bluexp.netapp.com:443 -servername api.bluexp.netapp.com |egrep "s:|i:"
下载CA证书:
如果需要,您可以从证书颁发机构的网站下载根 CA 证书并将其安装在集群上。
示例
C1_cluster::> security certificate install -type server-ca -vserver C1_cluster C2_cluster::> security certificate install -type server-ca -vserver C2_cluster