Amazon FSx for NetApp ONTAP Prerequisites
Last Updated: 01 June 2023
- The minimum required version of Amazon FSx for NetApp ONTAP (FSxN) for use with Peer Global File Service or PeerSync is v9.11.
- Any Windows Server that will be interfacing with an FSxN Storage Virtual Machine (SVM) with the Peer Agent or PeerSync must be on the same domain, same network segment, and same subnet as the SVM. This network must operate at speeds of at least 1 Gbit/sec.
- SMB Multichannel Support must be disabled on the SVM:

      set -priv diag
      cifs options modify -vserver <SVM Name> -is-multichannel-enabled false

  All client connections to the SVM must be reset once this change is made on the SVM.
- The minimum version of Windows required for FPolicy support with the Peer Agent or PeerSync is Windows Server 2012.
- The FPolicy Server hosting the Peer Agent or PeerSync can only work with a single SVM at a time.
- No other FPolicy or VSCAN products from Peer Software or any other vendor can be run on the FPolicy Server hosting the Peer Agent or PeerSync. In addition, no other Peer Software products can be run on this server (such as the Peer Management Center).
- CIFS Permissions: The service account for the Peer Agent or PeerSync must be a member of the Local Admin Group on the SVM. To add the service account <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of SVM <SVM Name>, run the following ONTAP command from the cluster context:

      vserver cifs users-and-groups local-group add-members -vserver <SVM Name> -group-name BUILTIN\Administrators -member-names <Domain User Name>
- CIFS Privileges: To properly query and set DACLs, SACLs, owner and/or group configurations on files and folders, the service account for the Peer Agent or PeerSync must be granted special privileges. To grant these privileges to the account <Domain User Name> (in the format "DOMAIN\USERNAME") on SVM <SVM Name>, use the following ONTAP command from the cluster context:

      vserver cifs users-and-groups privilege add-privilege -vserver <SVM Name> -user-or-group-name <Domain User Name> -privileges SeBackupPrivilege,SeRestorePrivilege,SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeTcbPrivilege
- API Permissions: Peer Agent and PeerSync must both be configured with an account on the SVM that has been granted ONTAPI access. It is recommended that this be a dedicated local account on the associated SVM just for the use of Peer products. For FSxN deployments, the default vsadmin service account is sufficient assuming you have specified a password for this account in the AWS management console.
  The following ONTAP commands can be executed from the cluster context to create a local account <User Name> with appropriate API access on SVM <SVM Name>:

      security login create -vserver <SVM Name> -username <User Name> -application ontapi -authmethod password -role vsadmin

  You will be prompted to enter a password. Then run:

      security login create -vserver <SVM Name> -username <User Name> -application ssh -authmethod password -role vsadmin

  Note: For now, the username and password of this account must be entered into each Peer product as part of the configuration process.
- No firewalls (software or hardware) should be enabled between the FPolicy Server and the SVM.
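To confirm the CIFS Privileges item took effect, the following added example (not part of the original page or of any Peer Software tooling) parses saved output of `vserver cifs users-and-groups privilege show -vserver <SVM Name>` and reports which of the five required privileges the service account is missing and which it holds beyond them. The sample output, the SVM name `svm1`, the accounts, and the assumed column layout are constructed for illustration.

```python
import re

# The five privileges the CIFS Privileges item grants to the service account.
REQUIRED = {
    "SeBackupPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege",
    "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
}
PRIV = re.compile(r"^Se\w+Privilege$")

# Constructed sample output (assumed column layout); not captured from a real SVM.
SAMPLE_OUTPUT = """\
Vserver   User or Group Name        Privileges
--------- ---------------------     ---------------
svm1      EXAMPLE\\svc_peer          SeBackupPrivilege
                                    SeRestorePrivilege
                                    SeSecurityPrivilege
                                    SeTcbPrivilege
svm1      EXAMPLE\\helpdesk          SeBackupPrivilege
                                    SeChangeNotifyPrivilege
"""

def parse_privileges(text):
    """Return {(vserver, lowercased account): set of privilege names}."""
    table, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or "::>" in line or line.startswith(("Vserver", "---")):
            continue  # blank line, echoed CLI prompt, header or separator
        privs = [f for f in fields if PRIV.match(f)]
        if not line[0].isspace():
            # New row: first field is the SVM; the remaining non-privilege
            # fields form the account name, which may contain spaces.
            name = [f for f in fields[1:] if not PRIV.match(f)]
            current = (fields[0], " ".join(name).lower())
            table.setdefault(current, set())
        if current is not None:
            table[current].update(privs)  # indented rows continue the account
    return table

def audit(text, vserver, account):
    """Return (missing, extra) privilege lists for one account on one SVM."""
    held = parse_privileges(text).get((vserver, account.lower()), set())
    return sorted(REQUIRED - held), sorted(held - REQUIRED)

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_OUTPUT, "svm1", r"EXAMPLE\svc_peer")
    print("missing:", missing or "none")
    print("beyond the required set:", extra or "none")
```

An account that does not appear in the output is reported as missing all five privileges.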