NetApp ONTAP | Clustered Data ONTAP Prerequisites
Last Updated: 12 May 2023
- The minimum required version of clustered Data ONTAP (cDOT) for use with Peer Global File Service or PeerSync is v8.2. Older versions of cDOT will not work. ONTAP 9 and above is also supported, as is Cloud Volumes ONTAP.
- Any Windows Server that will be interfacing with a Storage Virtual Machine (SVM) through the Peer Agent or PeerSync must be on the same domain, same network segment, and same subnet as the SVM. This network must operate at speeds of at least 1 Gbit/sec.
- SMB Multichannel Support must be disabled on the SVM:
  ```
  set -priv diag
  cifs options modify -vserver <SVM Name> -is-multichannel-enabled false
  ```
  All client connections to the SVM must be reset once this change is made on the SVM.
- The minimum version of Windows required for FPolicy support with the Peer Agent or PeerSync is Windows Server 2012.
- The FPolicy Server hosting the Peer Agent or PeerSync can only work with a single SVM at a time.
- No other FPolicy or VSCAN products from Peer Software or any other vendor can be run on the FPolicy Server hosting the Peer Agent or PeerSync. In addition, no other Peer Software products can be run on this server (such as the Peer Management Center).
- Infinite Volumes are not supported. FlexGroups are supported with ONTAP 9.4 and above.
- DNS Resolution: The DNS name of the SVM must resolve to the IP address of the data LIF used for file access.
- CIFS Permissions: The service account for the Peer Agent or PeerSync must be a member of the Local Admin Group on the SVM. To add the service account <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of SVM <SVM Name>, run the following ONTAP command from the cluster context:
  ```
  vserver cifs users-and-groups local-group add-members -vserver <SVM Name> -group-name BUILTIN\Administrators -member-names <Domain User Name>
  ```
- CIFS Privileges: To properly query and set DACLs, SACLs, owner and/or group configurations on files and folders, the service account for the Peer Agent or PeerSync must be granted special privileges. To grant these privileges to the account <Domain User Name> (in the format "DOMAIN\USERNAME") on SVM <SVM Name>, use the following ONTAP command from the cluster context:
  ```
  vserver cifs users-and-groups privilege add-privilege -vserver <SVM Name> -user-or-group-name <Domain User Name> -privileges SeBackupPrivilege,SeRestorePrivilege,SeSecurityPrivilege,SeTakeOwnershipPrivilege,SeTcbPrivilege
  ```
- ONTAPI Access and Service Configuration: At least one LIF per associated SVM must have management access enabled. The server running the Peer Agent or PeerSync must be able to communicate with this management LIF. This management LIF can also serve as a data LIF if desired.
  In ONTAP 9.7 and above, this management LIF must have both the management-ssh and management-https services set on its service policy configuration. Customers upgrading from previous versions of ONTAP should have these automatically set on existing LIFs.
  For example, to set these services on the default-data-files policy of SVM <SVM Name>, run the following two ONTAP commands from the cluster context in advanced mode (set -privilege advanced):
  ```
  net int service-policy add-service -vserver <SVM Name> -policy default-data-files -service management-ssh
  net int service-policy add-service -vserver <SVM Name> -policy default-data-files -service management-https
  ```
- FPolicy Service Configuration: Starting with ONTAP 9.8, one SVM LIF per associated node of the cluster must have the data-fpolicy-client service set on its service policy configuration. Customers upgrading from previous versions of ONTAP should have this automatically set on existing LIFs.
  For example, to set this service on the default-data-files policy of SVM <SVM Name>, run the following ONTAP command from the cluster context in advanced mode (set -privilege advanced):
  ```
  net int service-policy add-service -vserver <SVM Name> -policy default-data-files -service data-fpolicy-client
  ```
- ONTAPI Permissions: Peer Agent and PeerSync must both be configured with an account on the SVM that has been granted ONTAPI access. It is recommended that this be a dedicated local account on the associated SVM, used only by Peer products. The following ONTAP commands can be executed from the cluster context to create a local account <User Name> with appropriate ONTAP API access on SVM <SVM Name>:
  ```
  security login create -vserver <SVM Name> -username <User Name> -application ontapi -authmethod password -role vsadmin
  ```
  You will be prompted to enter a password. Then run:
  ```
  security login create -vserver <SVM Name> -username <User Name> -application ssh -authmethod password -role vsadmin
  ```
  Note: For now, the username and password of this account must be entered into each Peer product as part of the configuration process.
- The NetBIOS name of the SVM must match the actual name of the SVM within the cluster.
- The SVM must have a valid certificate installed.
- No firewalls (software or hardware) should be enabled between the FPolicy Server and the SVM.
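
The Windows-side prerequisites above (minimum OS version, domain membership, DNS resolution to the data LIF, and reachability of the management LIF) can be checked from the FPolicy Server before installation. The script below is an added example, not part of Peer Software's documentation; the host name and IP addresses are placeholders, and it assumes the default ports for management-https (443), management-ssh (22) and SMB (445).

```powershell
# Added example: pre-flight check for the Windows server hosting the Peer Agent or PeerSync.
# Every value in this block is a placeholder (assumption); replace with your own.
$SvmName   = 'svm1.corp.example'   # DNS name of the SVM
$DataLifIp = '192.0.2.10'          # data LIF used for file access
$MgmtLif   = '192.0.2.11'          # LIF with management access (can be the data LIF)

function Test-TcpPort {
    param([string]$TargetHost, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($TargetHost, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function New-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

$results = @()

# Windows Server 2012 reports version 6.2; anything lower is unsupported.
$os = [Environment]::OSVersion.Version
$results += New-Result 'Windows Server 2012 or later' ($os -ge [Version]'6.2') "$os"

# The host must be domain-joined; compare the reported domain with the SVM's by eye.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results += New-Result 'Host is domain-joined' $cs.PartOfDomain $cs.Domain

# The SVM's DNS name must resolve to the data LIF address.
try   { $ips = @([System.Net.Dns]::GetHostAddresses($SvmName) | ForEach-Object { $_.IPAddressToString }) }
catch { $ips = @() }
$results += New-Result "DNS: $SvmName -> $DataLifIp" ($ips -contains $DataLifIp) ($ips -join ', ')

# Default ports (assumption): management-https 443, management-ssh 22, SMB 445.
$results += New-Result 'Management LIF HTTPS (443)' (Test-TcpPort $MgmtLif 443) $MgmtLif
$results += New-Result 'Management LIF SSH (22)'    (Test-TcpPort $MgmtLif 22)  $MgmtLif
$results += New-Result 'Data LIF SMB (445)'         (Test-TcpPort $DataLifIp 445) $DataLifIp

$results | Format-Table -AutoSize
```

A failed port check with correct service-policy settings on the LIF usually points to filtering between the FPolicy Server and the SVM.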