本繁體中文版使用機器翻譯,譯文僅供參考,若與英文版本牴觸,應以英文版本為準。
準備配置ONTAP Cloud Mediator
貢獻者
建議變更
PDF
在你之前"配置ONTAP Cloud Mediator" ,您必須確保滿足先決條件。
防火牆需求
網域控制器上的防火牆設定必須允許 HTTPS 流量 `api.bluexp.netapp.com`來自兩個集群。
代理伺服器要求
如果您使用代理伺服器進行SnapMirror主動同步,請確保已建立代理伺服器並且您具有以下代理伺服器資訊:
-
HTTPS代理IP
-
連接埠
-
使用者名稱
-
密碼
延遲
NetApp控制台雲端伺服器和SnapMirror主動同步叢集對等點之間的建議 ping 延遲小於 200 毫秒。
根 CA 憑證
檢查集群的證書
ONTAP預先安裝了知名的根 CA 證書,因此在大多數情況下,您不需要安裝NetApp控制台伺服器的根 CA 憑證。在開始ONTAP Cloud Mediator 設定之前,您可以檢查叢集以驗證憑證是否存在:
範例:
C1_cluster% openssl s_client -showcerts -connect api.bluexp.netapp.com:443 -servername api.bluexp.netapp.com | egrep "s:|i:"
depth=4 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=4 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
verify return:1
depth=3 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
verify return:1
depth=2 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46
verify return:1
depth=1 C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
verify return:1
depth=0 C=US, ST=California, O=NetApp, Inc., CN=cloud.netapp.com
verify return:1
0 s:C=US, ST=California, O=NetApp, Inc., CN=cloud.netapp.com
i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
1 s:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
i:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46
2 s:C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46
i:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
3 s:C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
4 s:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
C1_cluster::> security certificate show -common-name Sectigo*|USERTrust*|AAA*
Vserver Serial Number Certificate Name Type
---------- --------------- -------------------------------------- ------------
C1_sti245-vsim-ocvs024k_1775534714 42F2CCDA1B6937445F15FE752810B8F4 SectigoPublicServerAuthenticationRootE46 server-ca
Certificate Authority: Sectigo Public Server Authentication Root E46
Expiration Date: Wed Mar 21 19:59:59 2046
C1_sti245-vsim-ocvs024k_1775534714 758DFD8BAE7C0700FAA925A7E1C7AD14 SectigoPublicServerAuthenticationRootR46 server-ca
Certificate Authority: Sectigo Public Server Authentication Root R46
Expiration Date: Wed Mar 21 19:59:59 2046
C1_sti245-vsim-ocvs024k_1775534714 5C8B99C55A94C5D27156DECD8980CC26 USERTrustECCCertificationAuthority server-ca
Certificate Authority: USERTrust ECC Certification Authority
Expiration Date: Mon Jan 18 18:59:59 2038
C1_sti245-vsim-ocvs024k_1775534714 01FD6D30FCA3CA51A81BBC640E35032D USERTrustRSACertificationAuthority server-ca
Certificate Authority: USERTrust RSA Certification Authority
Expiration Date: Mon Jan 18 18:59:59 2038
檢查代理伺服器是否安裝了證書
如果您使用代理程式連接到NetApp控制台中的ONTAP Cloud Mediator 服務,請確保代理伺服器的根 CA 憑證已安裝在ONTAP中:
範例:
C1_cluster% openssl s_client -showcerts -proxy <ip:port> -connect api.bluexp.netapp.com:443 -servername api.bluexp.netapp.com |egrep "s:|i:"
下載CA憑證:
如果需要,您可以從憑證授權單位的網站下載根 CA 憑證並將其安裝在叢集上。
範例:
C1_cluster::> security certificate install -type server-ca -vserver C1_cluster C2_cluster::> security certificate install -type server-ca -vserver C2_cluster