AWS Storage Blog

Getting started with Amazon FSx for NetApp ONTAP using NetApp management tools

File systems are an essential component of organizations. Among the most common requirements of any organization is access to shared data storage, which is readily available via cloud infrastructures. An issue that has slowed migration to the cloud has been that tools and processes can be very different, requiring time to re-educate administrators.

Amazon FSx for NetApp ONTAP is a fully-managed shared storage service built on NetApp’s popular ONTAP file system. Amazon FSx for NetApp ONTAP provides the popular features, performance, and APIs of ONTAP file systems with the agility, scalability, and simplicity of a fully managed AWS service, making it easier for customers to migrate on-premises applications that rely on NAS appliances to AWS. FSx for ONTAP file systems are similar to on-premises NetApp clusters. Within each file system that you create, you also create one or more storage virtual machines (SVMs). These are isolated file servers each with their own endpoints for NFS, SMB, and management access, as well as authentication (for both administration and end-user data access). In turn, each SVM has one or more volumes which store your data.

You can manage and administer your file system, SVMs, and volumes using AWS management tools, such as the AWS Management Console, AWS Command Line Interface (AWS CLI), and Amazon FSx API and SDKs. You can also use NetApp management tools, such as NetApp BlueXP (formerly NetApp Cloud Manager), the NetApp ONTAP CLI, and the NetApp ONTAP REST API.

In this post, we focus on NetApp management tools and walk through common workflows to demonstrate the ease of using them with Amazon FSx for NetApp ONTAP. If you are familiar with NetApp management tools and are looking to move your data to the cloud, this post will show how you can use the tools that you are familiar and comfortable with, simplifying your move to the cloud and helping you reap the benefits. As you read through this post and review the figures, note that NetApp Cloud Manager is now known as NetApp BlueXP.

NetApp management tools

Here’s a quick overview of the NetApp management tools that we’ll be focusing on. You can see how to access these in the Managing FSx for ONTAP resources using the NetApp applications section of the FSx for ONTAP user guide.

  • NetApp BlueXP: NetApp BlueXP provides a single pane of glass to manage, monitor, and automate ONTAP deployments – both FSx for ONTAP and Cloud Volumes ONTAP.
  • NetApp ONTAP CLI and REST API: The NetApp ONTAP CLI and REST API are accessed through your file system or SVMs’ management interface (over SSH or HTTP).

Common operational workflows

For the purpose of this post, we'll look at using NetApp management tools to provision an FSx for ONTAP file system, and at the operational use cases that follow. We will take you through:

  1. Creating a new FSx for NetApp ONTAP file system
  2. Joining an SVM to an Active Directory
  3. Creating a new FlexVol volume
  4. Creating a CIFS (Common Internet File System) share
  5. Configuring a CIFS share and access management
  6. Applying AD access control to the CIFS share
  7. Configuring an NFS share and access management

1. Create a new FSx for NetApp ONTAP file system

You can create an FSx for ONTAP file system using AWS or NetApp management tools. Here is a matrix of tools and supported operational requirements:

Figure 1: Operational matrix for FSx for ONTAP and SVM creation

When you create a new file system from the Amazon FSx Console, Amazon FSx creates a file system with a single SVM and a root volume. When creating the file system, you can optionally join the SVM to an Active Directory to enable access from Windows and macOS clients over the Server Message Block (SMB) protocol. Refer to the user guide to create additional SVMs and volumes. Note that a volume security style determines permissions to control data access, and what client type can modify these permissions. Although you can access data on any volumes using either SMB or NFS regardless of its configured security style, you should choose the security style for your volumes that maps to how you manage permissions. If you maintain file permissions using NTFS ACLs, then choose NTFS. If you maintain UNIX file permissions, then choose UNIX.

If you want to create a file system using NetApp management tools, then you can only do so using NetApp BlueXP, because the ONTAP CLI and REST API are accessed through your cluster's management interface (which doesn't exist until you create your file system). To create a new FSx for ONTAP file system, log in to NetApp BlueXP by signing in to the portal as indicated in Figure 2. You will start by selecting Add Working Environment. This interactive wizard will take you through AWS authentication steps with sufficient privileges to create a new FSx for NetApp ONTAP file system. When a new file system is created, a default SVM also gets created. Note that you can't create a new SVM in an already existing file system using BlueXP.

Figure 2: Using NetApp BlueXP (formerly Cloud Manager) to create FSx for ONTAP

You can also use the Amazon FSx Console, FSx CLI, and API to create a file system. More details are available in the user guide. After your file system is created, you can create an SVM in the file system.

2. Joining an SVM to an Active Directory

You can join an SVM to an AD during file system creation using the Console. You can also forego joining to the domain on creation, and instead join it using the ONTAP CLI or REST API. See the documentation for reference.

If you have an existing FSx file system, then you can import it to NetApp BlueXP, and use BlueXP to join any SVMs belonging to the file system to AD. To import your file system, select Enter working environment, and fill out the file system details. Once your file system is imported, select the SVM from the dashboard. Then, under Features, select CIFS Connectivity Setup. Enter your AD details, then select Set, which will join your SVM to your AD.

Figure 3: Using NetApp BlueXP (formerly Cloud Manager) to join SVM to an active directory

You can also use the ONTAP CLI to join an SVM to AD after it has been created. See how in the user guide.

3. Creating a new FlexVol volume

A FlexVol volume is a data container that enables you to partition and manage your data. These volumes are thin provisioned, which means that they consume storage capacity only for the data stored within them. You can create new volumes from the Amazon FSx Console, CLI, and API, as well as NetApp management tools (NetApp BlueXP and the ONTAP CLI/REST API).

To create a new volume using NetApp BlueXP, under Canvas look for the file system that you've created and select the Volumes tab. Select Add Volume and follow the interactive wizard to create a new volume.

Figure 4: Creating a new volume using NetApp BlueXP (formerly Cloud Manager)

To create a new volume using the ONTAP CLI, you must establish an SSH session to your file system from a host that has access to the file system. Note that when you create a new volume for a CIFS share, you should select 'ntfs' as the volume security style.

Figure 5: Creating a new volume using ONTAP CLI

4. Creating a CIFS (Common Internet File System) share

CIFS (SMB) shares are network file shares. You can create new shares using NetApp management tools (NetApp BlueXP and the ONTAP CLI/REST API). You can also use a Windows server to create a share.

When you use BlueXP to create a volume that will serve CIFS traffic, you'll be prompted to select the volume protocol during volume creation. For CIFS use, select the CIFS protocol. Then add a share name, and provide a valid AD group with a set of permissions to that share. A new volume and a CIFS share are created after the wizard is complete.

Figure 6: Creating CIFS share using NetApp BlueXP (formerly Cloud Manager)

To create a CIFS share using the NetApp ONTAP CLI, follow the procedures outlined in the ONTAP documentation. Figure 7 is an example of how to create a new share:

Figure 7: ONTAP CLI to join SVM to an active directory

Figure 8: Creating CIFS share using ONTAP CLI

You can also use the Windows file server management service on a Windows server to create a CIFS share. Use Connect to another computer to connect to the management endpoint IP address or hostname of the file system, then create a CIFS share by following the interactive wizard. Refer to the FSx ONTAP guide. Figure 9 is an example:

Figure 9: Creating CIFS Share using Windows File Server

5. Configuring CIFS share and access management

Windows and macOS typically use the SMB protocol in an environment that requires network file sharing. FSx for ONTAP uses CIFS shares, which is an enhanced version of the SMB protocol for network file sharing. There is a set of operational workflows that you will need to follow while setting up CIFS shares and the subsequent Active Directory (AD) based access permissions.

Let's break down the CIFS workflow and the tools that can perform these actions.

Figure 10: CIFS workflow

The first requirement for a CIFS setup is to create an SVM. In the previous section, you’ve already learned methods for creating SVMs that hold data volumes. Now let’s look at how to join an SVM to an Active Directory (AD).

6. Applying AD access control to the CIFS share

Granting or restricting access for a given AD user or group is the mechanism for applying security permissions to a file share. If a user isn't granted access to the share, then the user will get a permission denied error. You can apply security permissions using Windows file server.

To configure share permissions using Windows server, connect to the FSx for ONTAP file system as outlined in the documentation. Locate the file share, and select the Security tab under share Properties. Now you can update share permissions by adding or modifying the desired AD user or group. Figure 11 is an example of how to configure it:

Figure 11: Applying AD security permission to a Share

We just demonstrated how you can use different tools for the CIFS workflow. Next, we'll show you how to use these tools for the NFS workflow.

7. Configuring an NFS share and access management

NFS shares are network file shares used among Unix systems. When you create a volume to use it for Unix, you can create an NFS share mapping to the same volume. You can create NFS shares using NetApp management tools (NetApp BlueXP and the ONTAP CLI/REST API).

Let's look at the breakdown of the NFS workflow and supported tools.

Figure 12: NFS share operational workflow and tools matrix

Creating an NFS share involves the use of export policies and rules, which are a mechanism for sharing and granting share access to NFS clients. This is where you specify share access criteria for clients, such as file protocol, access type, client identifiers, hostname or IP address of client, subnet or group, and security type.

To create an NFS share using BlueXP, select NFS under Volumes Protocol while you are creating a new volume. You can also specify the NFS version and export policy as part of the volume creation process. Note that the export-policy configuration can be modified at any time as share permission requirements change.

Figure 13: Creating volume and export-policy using NetApp BlueXP (formerly Cloud Manager)

To create an NFS share and set an export policy using the ONTAP CLI, refer to the NetApp documentation. Here is an example of using the ONTAP CLI:

Figure 14: Creating an export-policy, and a volume using ONTAP CLI

You can also validate client access using the ONTAP CLI. Here is an example:

Figure 15: Validating client access to a volume using ONTAP CLI.
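
The following Python sketch is an added example, not code from the original post or from NetApp. It models how the export-policy rule criteria described above (client match, protocol, access type, security type) decide whether a client gets access, and flags rules that grant more than intended. It is a simplified model: only IP and CIDR client matches are handled, and the names ExportRule, check_access, audit, and the sample policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ExportRule:
    index: int        # rules are evaluated in ascending index order
    clientmatch: str  # CIDR subnet or single IP (hostnames/netgroups not modeled)
    protocols: set    # e.g. {"nfs3", "nfs4"}
    ro_rule: set      # security types allowed to read, e.g. {"sys"}
    rw_rule: set      # security types allowed to write; {"never"} means read-only
    superuser: set    # security types for which root keeps root privileges

def allowed(rule_types, sec_type):
    if "never" in rule_types:
        return False
    return "any" in rule_types or sec_type in rule_types

def check_access(rules, client_ip, protocol, sec_type, want_write):
    """Return (granted, rule_index); the first rule matching the client decides."""
    ip = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r.index):
        net = ipaddress.ip_network(rule.clientmatch, strict=False)
        if ip in net and protocol in rule.protocols:
            ok = allowed(rule.ro_rule, sec_type)
            if want_write:  # write access needs both the read and the write rule
                ok = ok and allowed(rule.rw_rule, sec_type)
            return ok, rule.index
    return False, None  # no rule matched: the client is denied

def audit(rules):
    """Flag rules that grant more than a reviewer would normally expect."""
    findings = []
    for r in rules:
        if ipaddress.ip_network(r.clientmatch, strict=False).prefixlen == 0:
            findings.append((r.index, "clientmatch covers every address"))
        if "any" in r.superuser:
            findings.append((r.index, "root is never squashed"))
    return findings

# Constructed sample policy: an application subnet with read-write access,
# and the wider network range with read-only access.
POLICY = [
    ExportRule(1, "10.0.1.0/24", {"nfs3", "nfs4"}, {"sys"}, {"sys"}, {"none"}),
    ExportRule(2, "10.0.0.0/16", {"nfs3"}, {"sys"}, {"never"}, {"none"}),
]

if __name__ == "__main__":
    print(check_access(POLICY, "10.0.1.20", "nfs3", "sys", True))
    print(check_access(POLICY, "10.0.9.9", "nfs3", "sys", True))
    print(audit(POLICY))
```

Because the first matching rule decides, a broad rule with a low index can shadow a narrower one placed after it, so rule order is worth reviewing together with the client match values.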

Cleaning Up

After you have finished these operations, you should follow these steps to clean up your resources and protect your AWS account from unwarranted charges.

Conclusion

In this post, you learned that there are multiple tools available for managing FSx for NetApp ONTAP file systems, including AWS and NetApp management tools. We focused on NetApp management tools. You can use the management tools of your preference to manage your cloud file storage with the FSx for NetApp ONTAP file system. Furthermore, we demonstrated operational actions that are involved in provisioning storage for Windows and Unix environments using the FSx for ONTAP file system.

If you are familiar with NetApp management tools, this post should make it incredibly simple to get started with FSx for NetApp ONTAP without having to pick up an entirely new skillset. This will allow you to manage your file systems with tools you are comfortable with, but with all of the benefits of the AWS cloud and FSx for NetApp ONTAP.

Thank you for reading this post. If you would like to learn more, then check out the Amazon FSx for NetApp ONTAP product page, storage post, and user guide.

Ananta Khanal

Ananta Khanal is a Solutions Architect focused on Cloud storage solutions at AWS. He has worked in IT for over 15 years, and held various roles in different companies. He is passionate about cloud technology, infrastructure management, IT strategy, and data management.

Vikas Kakkar

Vikas Kakkar is a Senior Storage Solution Architect covering AWS Storage services. He has 24 years’ experience in Infrastructure Solution Architecture across various industries like Telecom, Banking, Government, Defense, and Manufacturing. He is an avid tennis fan and enjoys playing the game quite often.