NetApp ONTAP Cloud in Azure – Full Deployment Guide

Intro

Welcome to my quick guide on deploying NetApp’s ONTAP Cloud into Azure.

If you’re unfamiliar with the product, ONTAP Cloud is NetApp’s ONTAP software, as see on FAS and AFF equipment for many years, now available in AWS and Azure. By running ONTAP Cloud you can gain the same efficiencies and software features available on a traditional hardware platform in your cloud infrastructure. There are many benefits of presenting storage via ONTAP Cloud, such as using its deduplication abilities to lower costs and SnapMirror to easily replicate data between hyperscalers.

Every ONTAP Cloud deployment starts with OnCommand Cloud Manager. OnCommand Cloud Manager is a bit of software that allows you to deploy and manage ONTAP Cloud instances. OnCommand Cloud Manager can be installed local to your site, or up in the cloud along side your ONTAP Cloud instances. Typically it’s best to run it in the cloud along side your ONTAP Cloud instances so that a network disconnect to your data center or other cloud environment does not impact management capabilities.

For Azure deployments of ONTAP Cloud the roadmap is quite simple…

  1. Verity Azure environment
  2. Deploy OnCommand Cloud Manager
  3. Deploy ONTAP Cloud

Note that this article is for reference only, as procedures and best practices are subject to change. Always consult with NetApp or NetApp partner for the most up to do date info. Best practices for cloud and application security should always be considered in addition to the steps within. That’s a very important aspect that I’m not fully covering here.

This document is currently in version 1.3, last update Jan 4th, 2018.

Procedure Video

Before starting I recommend watching this quick video from NetApp which runs through the deployment process. It’s pretty quick, does a great job at summarizing the process, but leaves out some of the important steps covered in this guide.

 

Limitations

As of this revision, there are some limitations for ONTAP Cloud deployments. Be sure to consult the latest release notes for finer details.

ONTAP Cloud 9.2 For Azure

  • 124 TB max raw capacity (dependent on instance & license)
  • Maximum of 31 aggregates per system, 48 TB max aggregate size, maximum usable of a 48 TB aggregate is 42.52 TB
  • Up to 2 billion files per volume
  • 500 FlexVol volumes per node, 38.72 TB of fully provisioned capacity per FlexVol
  • 255 snapshot copies per FlexVol
  • High availability environments not currently supported in Azure (as of ONTAP 9.2)
  • ONTAP Cloud managed encryption not supported is supported, however you can leverage Azure’s encryption services to encrypt the underlying storage

 

Installation

Step 1 – Prep Your Azure Environment

Before installation can begin you need to ensure your Azure infastruture is ready for deployment. Here are some of the basics,

  • Ensure your Azure environment meets security best practices. Secure your cloud!
  • OnCommand Cloud Manager and ONTAP Cloud systems must reside in a target VNet where at least one subnet has outbound internet access
  • If deployment OnCommand Cloud Manager and ONTAP Cloud in different subnets/networks, those networks must be able to communicate (they need to be able to talk to each other).
  • Configure VPN connections for any communication between external ONTAP Cloud connections (e.g. from local ONTAP environments, or to other ONTAP Cloud environments).

The crux of this step, however, is granting permissions so that Cloud Manager can do its thing. This involves setting up a service principal in Azure AD and obtaining credentials. You’ll also have to save a few strings of data throughout this process.

Before getting started I highly recommend you read the following documents from NetApp. For the purpose of this guide I assume that your Azure foundation is solid as just jumping right in can lead to all kinds of issues later on.

 

Step 1.1 – Download the latest Azure policy for Cloud Manager from NetApp

Step 1.2 – Modify the JSON file with the relevant Azure subscription information.

In the Azure portal, navigate to Billing > Overview and look for subscription ID. Copy this for the next step. Repeat for any relevant Azure subscription.

 

Step 1.3 – Update the previously downloaded JSON file with the Azure subscription IDs. If you’re unfamiliar with JSON script you can check your changes by plugging the whole content of the file into a validation tool like JSONLint for a quick check up.

"AssignableScopes": [
 "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
 ],

 

Step 1.4 – Create the ‘OnCommand Cloud Manager Operator’ custom role

Using PowerShell, run Login-AzureRmAccount (this requires the Azure Cmdlets Module which you can download here (Command-Line Tools > PowerShell)). If you don’t have access to PowerShell you can leverage Azure CLI which is demonstrated on the above video.

After you’re logged in run New-AzureRmRoleDefinition -Inputfile “C:\[Path to the JSON file]”

If successful you’ll see that the OnCloud Manager Operator role has been created.

 

Step 1.5 – Create an AD service principal

In the Azure console, go to Active Directory > App Registrations. In this section click Add, then enter a friendly name, keep the application type as Web app/API, and enter http://url as the sing-on URL.

Save the Application ID for later.

Step 1.6 – Update the app registration

Select the item you just created and navigate through each of the subsequent Azure popups… All Settings > Required Permissions > Add

When you get to the Add API access pane, start with Select an API and choose Windows Azure Service Management API. On the next section select Access Azure Service Management as organization users (preview).

Step 1.7 – Generate API keys

Head back and click Keys. Enter a name, an expiration date, then click save. An API key will be generated, save this key! You won’t be able to view this later.

 

 

Step 1.8 – Get the Directory ID

Return to the Active Directory section, go to properties, and save the Directory ID. This value will be used as the “Tenant ID” later on during the setup.

 

Step 1.9 – Get the Azure Subscription ID

On the left hand size select Subscriptions. NetApp’s documentation has a key, I have what looks like a fax machine, and I had to search through the menu options to find it. Save the Subscription ID, you’ll need that later to log in programmatically.

 

Step 1.10 – Grant the OnCloud Manager Operator role access to the Azure subscription

While in the Subscription section, select the Subscription > Access Control (IAM). Click add, then from the next pane, select the OnCloud Manager Operator role and the member you created earlier (type to search, scrolling won’t work). Click Save.

Step 1.11 – Configure Programmatic

While we’re at it, let’s configure progammatic deployment. From the market place search for NetApp or ONTAP Cloud. Select one of the results, and all the way at the bottom select “Want to deploy programmatically? Get Started” Click that and on the next window click enable and save. Repeat for each of the steps.

 

 

All done!

Did you record the Application ID, the API key, Directory ID, and subscription ID? If so you’re good to go to Step 2, the installation of OnCommand Cloud Manager.

 


Step 2 – Deploy OnCommand Cloud Manager

Once you’ve got Azure all set, it’s time to deploy OnCommand Cloud Manager.

Step 2.1 – Enable Programmatic Deployments

Log into your Azure environment and find OnCommand Cloud Manager in the market place. You can usually find it quickly by searching for “ONTAP” or “NetApp.” Click create to start virtual machine deployment.

Step 2.2 – Fill in the basics

Enter the following…

  • Name
  • VM Disk Type (I’m not aware of any reason to go SSD over HDD for the Cloud Manager, looks like the pricing is the same)
  • User Name
  • Password
  • Subscription
  • Resource Group (should have the one you created previously)
  • VM Location (see the release notes for supported regions)

Step 2.3 – Choose a Size

OnCommand Cloud Manager is currently supported on instance types A2, D1, D2, D1_v2, and D2_v2. Options are likely to vary per region.

Step 2.4 – Configure Network and Other Settings

Consult with your Azure administrator to determine the best network location for this system.

Step 2.5 – Validate

If everything looks good, hit purchase and continue. See that hourly cost from NetApp? That’s right, OnCommand Cloud Manager is free to use (well, you still have to pay Microsoft to run it in Azure).

Validate can take 5-10 minutes. Once it completes enter the public IP address into your browser to for the final config steps.

Step 2.6 – Set up Cloud Manager

Browse to the OnCommand Cloud Manager via the assigned public IP address. Select ‘Set up Cloud Manager.’

Time to walk through the wizard, entering the following information as you do…

  • Site
  • Company
  • First Name
  • Last Name
  • Email Address (User Name)
  • Password
  • Application ID
  • Azure Key (API Key)
  • Subscription ID
  • Tenant ID (Directory ID)
  • ONTAP Cloud Tenant info
  • NetApp Support Site Credentials (Listed as optional, but you’ll need this for licensing and support services)
  • Automatically Upgrade (Recommended)
  • That you’ve read and approve the user agreement
  • Capacity Management (this can be changed at any time)
    • Automatic manages storage for ONTAP Cloud (purchasing more storage, deleting unused disks, and moving volumes between disks)
    • Manual requires user access before any of the prior actions can take place
  • Go!

 

In about 5 minutes the configuration will finalize and you’ll be all set to start deploying ONTAP Cloud instances.

Take some time to get to know the GUI. Note the cool chat in the lower right hand corner that should pop up with the latest updates each time you log in. You can actually use that to chat and ask questions if any should arise. It’s 24/7, but the team is dispersed and you may not get a prompt response on evenings and weekends.

Working environments consist of one or more ONTAP Cloud instances and can even expand to local ONTAP environments.

Tenants, like the one you created earlier, are used to isolate working environments. Users can be created under each tenant to isolate access, allowing different groups to provision and manage their own ONTAP environments. You can read more about tenants here.

The timeline is basically a log of all events within the system.

 

 


Step 3 – Deploy ONTAP Cloud Working Environments

As with most things, before we can deploy ONTAP Cloud, there are some preliminary work and considerations to consider.

Build out the appropriate VNet for each working environment per your organization’s practices (since my test environment is pretty basic I placed it in the same VNet set up during the Cloud Manager install). Note that the OnCommand Cloud Manager instance will need network connectivity to the target VNet and the ONTAP Cloud VM will need outbound internet access (namely for licensing and support services). You don’t need to configure a new security group, the deployment wizard will take care of that for you. Azure networking requirements can be found here and the security group rules can be found here.

It’s also important to understand the licensing model and underlying VM sizes. You’ll need to know this during the provisioning process so now’s a good time to plan if you haven’t already. You can read more about the licensing and sizes here.

You’ll also be asked whether you want Premium Storage or Standard Storage, essentially SSD vs. HDD storage. Oh, of course there are different costs associated which you can read about here, along with the throughput per disk numbers.

If, down the road you need to change the size of your ONTAP Cloud VM, you can do that though it will be a disruptive change. A set of allocated drives in an aggregate cannot be change on the fly though. If you have additional supported capacity on the VM you can instead add a new aggregate with new drives and non-disruptively move the volume over. If you don’t have any additional room on the VM you can stand up a new ONTAP Cloud VM and SnapMirror the data over efficiently.  There’s also a configuration option that affects write speed which changes how ONTAP responds to writes. If write speed is set to normal incoming writes will be written on the disk before acknowledgement is returned. If write speed is set to high those writes will be acknowledged when they hit the system memory. Writes to memory are a lot faster, but this being a virtualized environment, there is no battery backup for the cache. This means that a service disruption could result in data loss. NetApp has a brief article on write speed here. Good news is that you can change this later, though it will require an outage.

Ready to get started?

Step 3.1 – Start the Deployment Wizard

In Cloud Manager go to Working Environments and select Add Environment. While you can deploy AWS instances from an Azure based OnCommand Cloud Manager, I’m only going to cover the Azure side in this article.

Work your way through the wizard entering the following information…

  • Environment Name (numbers and letters only)
  • Tags (optional)
  • Admin password
  • Region
  • VNet
    • Subnet & Security Group (Existing or newly generated)
  • BYOL License (it’s like saying Automatic Teller Machine Machine)
  • If not BOYL, you can choose from the list of default pay-as-you-go packages for customize your own
  • NetApp Support Site credentials
  • Premium Storage or Standard Storage
  • Disk Size
  • Write Speed
  • Create a volume (optional)

Give everything one last review and start the process. In about 25-30 minutes you’ll have a new ONTAP Cloud environment to enjoy.


Now What?

So you’ve got OnCommand Cloud Manager installed, and your first instance of ONTAP Cloud… now what? Well in addition to sharing out storage here are some of the cool features available…

  • Allocate new storage
  • Schedule ONTAP downtime – Shut the system down when you don’t need it to save money
  • Manage replication
  • Upgrade – Requires NetApp Support Site credentials
  • Change the VM or license type – Outage required for VM changes
  • Back up your Cloud Manager environment
  • Disassociate working environments – So you can discover them into another OnCommand Cloud Manager

 


Helpful Documentation

 

 


 

Special thanks to Kevin Hill at NetApp for giving me a few pointers and a much needed proofread!