Skip to main content
Skip table of contents

Amazon FSx for NetApp ONTAP Prerequisites

Last Updated16 February 2024
  1. ONTAP Version Requirements:
    1. For SMB workloads, the minimum required version of Amazon FSx for NetApp ONTAP (FSxN) is v9.11.
    2. For NFS workloads, the minimum required version of Amazon FSx for NetApp ONTAP (FSxN) is v9.11.  PeerSync is not supported for NFS workloads.

  2. Any server that will be interfacing with an FSxN Storage Virtual Machine (SVM) with the Peer Agent or PeerSync must reside within the same domain, same network segment, and same subnet as the SVM.  Additionally, the network connection between the SVM and the Agent or PeerSync must operate at speeds of at least 1 Gbit/sec with sub-millisecond latency.
  3. Server OS Version Requirements:
    1. For SMB workloads, the minimum version of Windows required for FPolicy support with the Peer Agent or PeerSync is Windows Server 2016.
    2. For NFS workloads, the Peer Agent must be installed on Ubuntu Server 22.04 operating system or later, or Red Hat Enterprise Linux v8.8 or later.  PeerSync is not supported for NFS workloads.

  4. SMB Multichannel Requirement: SMB Multichannel Support must be disabled on the SVM.

    CODE
    set -priv diag
    cifs options modify -vserver <SVM Name> -is-multichannel-enabled false

    All client connections to the SVM must be reset once this change is made on the SVM.

  5. NFS Protocol Version Requirements, clients must exclusively use NFSv3 or NFSv4 for accessing data. NFSv4.1 and pNFS are not supported by FPolicy.

  6. The FPolicy Server hosting the Peer Agent or PeerSync can only work with a single SVM at a time.

  7. No other FPolicy or VSCAN products from Peer Software or any other vendor can be run on the FPolicy Server hosting the Peer Agent or PeerSync. In addition, no other Peer Software products can be run on this server (such as Peer Management Center or Peer Management Broker).

  8. Privileges and Permissions for SMB Workloads

    1. CIFS Permissions:  The service account for the Peer Agent or PeerSync must be a member of the Local Admin Group on the SVM.  To add the service account <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of SVM <SVM Name>, run the following ONTAP command from the cluster context: 

      CODE
      vserver cifs users-and-groups local-group add-members -vserver <SVM Name> -group-name BUILTIN\Administrators -member-names <Domain User Name>
    2. CIFS Privileges:  To properly query and set DACLs, SACLs, owner and/or group configurations on files and folders, the service account for the Peer Agent or PeerSync must be granted special privileges.  To grant these privileges to the account <Domain User Name> (in the format "DOMAIN\USERNAME") on SVM <SVM Name>, use the following ONTAP command from the cluster context:

      CODE
      vserver cifs users-and-groups privilege add-privilege -vserver <SVM Name> -user-or-group-name <Domain User Name> -privileges SeBackupPrivilege,SeRestorePrivilege,SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeTcbPrivilege
  9. Privileges and Permissions for NFS Workloads: The Peer Agent server IP needs to be granted superuser access in the export policies for any volumes that this Agent will be monitoring, as well as the parents of these volumes in the SVM's namespace.

  10. API Permissions:  Peer Agent and PeerSync must both be configured with an account on the SVM that has been granted ONTAPI access.  It is recommended that this be a dedicated local account on the associated SVM just for the use of Peer products.  The following ONTAP commands can be executed from the cluster context to create a local account <User Name> with appropriate ONTAP API access on SVM <SVM Name>.

    If you are running PeerGFS v5.2 and above, a new REST-based API model is in place. HTTP support is required for the user account.  You can create this account using the following command:

    CODE
    security login create -vserver <SVM Name> -username <User Name> -application http -authmethod password -role vsadmin

    Note:  The username and password of this account must be entered into each Peer product as part of the configuration process.

  11. No active firewalls (software or hardware) should be enabled between the server hosting Peer Agent or PeerSync and the SVM.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.