Amazon FSx for NetApp ONTAP Prerequisites
Last Updated | 12 July 2024 |
- ONTAP Version Requirements:
- For SMB workloads, the minimum required version of Amazon FSx for NetApp ONTAP (FSxN) is v9.11.
- For NFS workloads, the minimum required version of Amazon FSx for NetApp ONTAP (FSxN) is v9.11. PeerSync is not supported for NFS workloads.
- Any server that will be interfacing with an FSxN Storage Virtual Machine (SVM) with the Peer Agent or PeerSync must reside within the same domain, same network segment, and same subnet as the SVM. Additionally, the network connection between the SVM and the Agent or PeerSync must operate at speeds of at least 1 Gbit/sec with sub-millisecond latency.
- Time Synchronization: The server hosting the Peer Agent or PeerSync as well as the FSxN SVM must synchronize their system clocks with the same private or public Network Time Protocol (NTP) service. If you are using virtual machines, ensure that time synchronization between the VM and the hypervisor host is disabled to ensure that the VMs rely solely on NTP for timekeeping.
- Server OS Version Requirements:
- For SMB workloads, the minimum version of Windows required for FPolicy support with the Peer Agent or PeerSync is Windows Server 2016.
- For NFS workloads, the Peer Agent must be installed on Ubuntu Server 22.04 operating system or later, or Red Hat Enterprise Linux v8.8 or later. PeerSync is not supported for NFS workloads.
SMB Multichannel Requirement: SMB Multichannel Support must be disabled on the SVM.
CODEset -priv diag cifs options modify -vserver <SVM Name> -is-multichannel-enabled false
All client connections to the SVM must be reset once this change is made on the SVM.
- NFS Protocol Version Requirements: Clients must exclusively use NFSv3.0 or NFSv4.0 for accessing data. NFSv4.1, NFSv4.2, and pNFS are not supported by FPolicy.
- The FPolicy Server hosting the Peer Agent or PeerSync can only work with a single SVM at a time.
- No other FPolicy or VSCAN products from Peer Software or any other vendor can be run on the FPolicy Server hosting the Peer Agent or PeerSync. In addition, no other Peer Software products can be run on this server (such as Peer Management Center or Peer Management Broker).
Privileges and Permissions for SMB Workloads
CIFS Permissions: The service account for the Peer Agent or PeerSync must be a member of the Local Admin Group on the SVM. To add the service account <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of SVM <SVM Name>, run the following ONTAP command from the cluster context:
CODEvserver cifs users-and-groups local-group add-members -vserver <SVM Name> -group-name BUILTIN\Administrators -member-names <Domain User Name>
CIFS Privileges: To properly query and set DACLs, SACLs, owner and/or group configurations on files and folders, the service account for the Peer Agent or PeerSync must be granted special privileges. To grant these privileges to the account <Domain User Name> (in the format "DOMAIN\USERNAME") on SVM <SVM Name>, use the following ONTAP command from the cluster context:
CODEvserver cifs users-and-groups privilege add-privilege -vserver <SVM Name> -user-or-group-name <Domain User Name> -privileges SeBackupPrivilege,SeRestorePrivilege,SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeTcbPrivilege
- Privileges and Permissions for NFS Workloads: The Peer Agent server IP needs to be granted superuser access in the export policies for any volumes that this Agent will be monitoring, as well as the parents of these volumes in the SVM's namespace.
API Permissions: Peer Agent and PeerSync must both be configured with an account on the SVM that has been granted ONTAPI access. It is recommended that this be a dedicated local account on the associated SVM just for the use of Peer products. The following ONTAP commands can be executed from the cluster context to create a local account <User Name> with appropriate ONTAP API access on SVM <SVM Name>.
If you are running PeerGFS v5.2 and above, a new REST-based API model is in place. HTTP support is required for the user account. You can create this account using the following command:CODEsecurity login create -vserver <SVM Name> -username <User Name> -application http -authmethod password -role vsadmin
Note: The username and password of this account must be entered into each Peer product as part of the configuration process.
- No active firewalls (software or hardware) should be enabled between the server hosting Peer Agent or PeerSync and the SVM.
Related articles
- Achieving high availability for the PMC through active-passive configuration
- Achieving high availability for the PMC through active-passive configuration (v4.7.0 - v5.1.1)
- Achieving high availability for the PMC through active-passive configuration (v5.2 and later)
- Amazon FSx for NetApp ONTAP Prerequisites
- Dell EMC Celerra | VNX | VNX 2 Prerequisites
- Dell PowerScale Prerequisites
- Dell Unity Prerequisites
- Does the EOA of NetApp ONTAPI impact PeerGFS?
- Firewall Requirements
- Getting Started with PeerGFS and Amazon FSx for NetApp ONTAP
- Issues runing PeerSync as a service
- NetApp Data ONTAP 7-Mode Prerequisites
- NetApp ONTAP Prerequisites
- Nutanix Files Prerequisites
- Peer Global File Service - Environmental Requirements