Skip to main content
Skip table of contents

NetApp ONTAP Prerequisites

Last Updated18 February 2025
  1. ONTAP Version Requirements:
    1. For SMB workloads, the minimum required version of clustered Data ONTAP (cDOT) is v8.2.  Older versions of cDOT will not function properly.  ONTAP 9 and above are supported, as well as Cloud Volumes ONTAP and ONTAP Select.
    2. For NFS and multi-protocol workloads, the minimum required version of ONTAP is v9.  Cloud Volumes ONTAP and ONTAP Select are supported.  PeerSync is not supported for NFS or multi-protocol workloads.

  2. Any server that will be interfacing with a Storage Virtual Machine (SVM) through a Peer Agent or PeerSync must reside within the same domain, share the same network segment, and belong to the same subnet as the SVM.  Additionally, the network connection between the SVM and the Agent or PeerSync must operate at speeds of at least 1 Gbit/sec with sub-millisecond latency.

  3. Time Synchronization:  The server hosting the Peer Agent or PeerSync as well as the NetApp SVM must synchronize their system clocks with the same private or public Network Time Protocol (NTP) service.  If you are using virtual machines, ensure that time synchronization between the VM and the hypervisor host is disabled to ensure that the VMs rely solely on NTP for timekeeping.

  4. Server OS Version Requirements:
    1. For SMB workloads, the minimum version of Windows required for FPolicy support with the Peer Agent or PeerSync is Windows Server 2016.
    2. For NFS and multi-protocol workloads, the Peer Agent must be installed on Ubuntu Server 22.04 operating system or later, Red Hat Enterprise Linux v9.x or later or Rocky Linux v9.x or later.  PeerSync is not supported for NFS or multi-protocol workloads.

  5. SMB Multichannel Requirement for SMB and multi-protocol workloads:  SMB Multichannel support must be disabled on the SVM.

    CODE 
    set -priv diag
cifs options modify -vserver <SVM Name> -is-multichannel-enabled false

    All SMB client connections to the SVM must be reset once this change is made on the SVM.

  6. NFS Protocol Version Requirements:  If using ONTAP v9.14 or earlier, clients must exclusively use NFSv3.0 or NFSv4.0 for accessing data.  If running ONTAP v9.15 or newer, clients may also use NFSv4.1.  NFSv4.2, and pNFS are not supported by FPolicy.

  7. The FPolicy Server hosting the Peer Agent or PeerSync can only work with a single SVM at a time.

  8. The server hosting the Peer Agent or PeerSync should not run any other products based on the FPolicy or VSCAN from Peer Software or any other vendor.  In addition, no other Peer Software products can be run on this server (such as Peer Management Center or Peer Management Broker).

  9. Infinite Volumes are not supported.  FlexGroups are supported with ONTAP 9.4 and above.

  10. The DNS name of the SVM must resolve to the IP address of the data LIF(s) used for file access.

  11. Privileges and Permissions for SMB Workloads:

    1. CIFS Permissions:  The service account for the Peer Agent or PeerSync must be a member of the Local Admin Group on the SVM.  To add the service account <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of SVM <SVM Name>, run the following ONTAP command from the cluster context: 

      CODE 
      vserver cifs users-and-groups local-group add-members -vserver <SVM Name> -group-name BUILTIN\Administrators -member-names <Domain User Name>

    2. CIFS Privileges:  To properly query and set DACLs, SACLs, owner and/or group configurations on files and folders, the service account for the Peer Agent or PeerSync must be granted special privileges.  To grant these privileges to the account <Domain User Name> (in the format "DOMAIN\USERNAME") on SVM <SVM Name>, use the following ONTAP command from the cluster context:

      CODE 
      vserver cifs users-and-groups privilege add-privilege -vserver <SVM Name> -user-or-group-name <Domain User Name> -privileges SeBackupPrivilege,SeRestorePrivilege,SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeTcbPrivilege

  12. Privileges and Permissions for NFS Workloads:  The Peer Agent server IP needs to be granted superuser access in the export policies for any volumes that this Agent will be monitoring, as well as the parents of these volumes in the SVM's namespace.

  13. Privileges and Permissions for Multi-Protocol Workloads:

    1. CIFS Permissions:  When replicating Windows-style permissions, the domain account used by the Samba connection of the Peer Agent must be a member of the Local Admin Group on the SVM.  To add the service account <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of SVM <SVM Name>, run the following ONTAP command from the cluster context: 

      CODE 
      vserver cifs users-and-groups local-group add-members -vserver <SVM Name> -group-name BUILTIN\Administrators -member-names <Domain User Name>

    2. CIFS Privileges:  When replicating Windows-style permissions, the domain account used by the Samba connection of the Peer Agent must be granted special privileges.  These privileges allow the Agent to properly query and set DACLs, owner and/or group configurations on files and folders.  To grant these privileges to the account <Domain User Name> (in the format "DOMAIN\USERNAME") on SVM <SVM Name>, use the following ONTAP command from the cluster context:

      CODE 
      vserver cifs users-and-groups privilege add-privilege -vserver <SVM Name> -user-or-group-name <Domain User Name> -privileges SeBackupPrivilege,SeRestorePrivilege,SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeTcbPrivilege
    3. Export Privileges:  The Peer Agent server IP needs to be granted superuser access in the export policies for any volumes that this Agent will be monitoring, as well as the parents of these volumes in the SVM's namespace.

  14. API Access and Service Configuration:  At least one LIF per associated SVM must have management access enabled.  The server running the Peer Agent or PeerSync must be able to communicate with this management LIF.   This management LIF can also serve as a data LIF if desired.

    In ONTAP 9.7 and above, this management LIF must have management-https services set on its service policy configuration.  Customers upgrading from previous versions of ONTAP should have this automatically set upon existing LIFs.

    For example, to set this service on the default-data-files policy of SVM <SVM Name>, run the following ONTAP command from the cluster context in advanced mode (set -privilege advanced):

    CODE 
    net int service-policy add-service -vserver <SVM Name> -policy default-data-files -service management-https

  15. FPolicy Service Configuration:  Starting with ONTAP 9.8 and above, one SVM LIF per associated node of the cluster must have the data-fpolicy-client service set on its service policy configuration.  Customers upgrading from previous versions of ONTAP should have this automatically set upon existing LIFs.

    For example, to set this service on the default-data-files policy of SVM <SVM Name>, run the following ONTAP command from the cluster context in advanced mode (set -privilege advanced):

    CODE 
    net int service-policy add-service -vserver <SVM Name> -policy default-data-files -service data-fpolicy-client

  16. API Permissions:  The Peer Agent and PeerSync must both be configured with an account on the SVM that has been granted API access.  It is recommended that this be a dedicated local account on the associated SVM just for the use of Peer products.  The following ONTAP commands can be executed from the cluster context to create a local account <User Name> with appropriate API access on SVM <SVM Name>.

    If you are running PeerGFS v5.2 and above, as well as ONTAP 9.11.1 and above, a new REST-based API model is in place.  HTTP support is required for the user account.  You can create this account using the following command:

    CODE 
    security login create -vserver <SVM Name> -user-or-group-name <User Name> -application http -authentication-method password -role vsadmin

    In some cases, ONTAPI is still required for the user account.  These cases include: if you are running PeerSync, an older version of PeerGFS or ONTAP; or Peer Support has identified that the REST API will not work in your environment.  You can create this account using the following command:

    CODE 
    security login create -vserver <SVM Name> -username <User Name> -application ontapi -authmethod password -role vsadmin

    Note:  The username and password of this account must be entered into each Peer product as part of the configuration process.
     

  17. The SVM must have a valid certificate installed.
     
  18. No firewalls (software or hardware) should be enabled between the server hosting Peer Agent or PeerSync and the SVM.



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close