NetApp 7-Mode Prerequisites

Tech Brief #

082

Revision

012

Last Updated

09 Feb 2019

  1. The minimum required version of ONTAP (operating in 7-Mode) for use with Peer Global File Service or PeerSync is v7.3.5. Older versions of ONTAP will not work properly.
     

  2. Any Windows Server that will be interfacing with the NetApp device through the Peer Agent or PeerSync must be on the same domain, same network segment, and same subnet as the NetApp device. This network must operate at speeds of at least 1Gbit/sec.
     

  3. The minimum version of Windows required for FPolicy support with the Peer Agent or PeerSync is Windows Server 2008.

  4. If you are using Windows Server 2019 for the Peer Agent or PeerSync, SMB1 must be enabled (it is disabled by default). The following PowerShell commands can be used to check and enable SMB1:

  5. No other FPolicy or VSCAN products from Peer Software or any other vendor can be run on this FPolicy Server. In addition, no other Peer Software products can be run on this server (like the Peer Management Center).
     

  6. The service account for the Peer Agent or PeerSync must be a member of the Local Admin Group on the NetApp device. You can add a domain user <Domain User Name> (in the format "DOMAIN\USERNAME") to the Local Admin Group of the device with the following ONTAP command from the filer or vFiler context:

    useradmin domainuser add <Domain User Name> -g administrators
  7. Any Windows server that will be interfacing with the NetApp device through the Peer Agent or PeerSync must have the following Local Security Policy settings set: 

    1. Network Access: Named Pipes that can be accessed anonymously >>> add ntapfprq and ntapfpcp

    2. Network Access: Let Everyone permissions apply to Anonymous users >>> Enabled

    3. Microsoft Network Server: Digitally sign communication (always) >>> Disabled

    4. Microsoft Network Server: Digitally sign communication (if client agrees) >>> Disabled 

    NOTE: You must restart the server after changing the Local Security Policy settings.
     

  8. DNS must be able to resolve the Fully Qualified Domain Name of any server that will be interacting with the NetApp device through the Peer Agent or PeerSync. Both forward and reverse lookups must successfully resolve.
     

  9. The NETBIOS name of the controller or vFiler must match its ONTAP system name.
     

  10. No firewalls (software or hardware) should be enabled between the FPolicy Server and the NetApp device.