How to Add a NetApp Storage Target Device and Configure Permissions

If you have installed the Storage Control Module license, you can add storage controllers as targets. When you add these targets, Operations Manager can discover the disk arrays they manage, and perform actions to keep the storage environment in the optimal zone.

To add a NetApp 7-Mode Storage Controller as a Target, provide the  Storage Controller IP address, as shown below.

 

The Operations Manager appliance logs into the storage controller via an existing user account.

Specifying a User Role for Operations Manager Access to NetApp Storage

NetApp filers run on the Data ONTAP operating system. To discover and manage NetApp disk arrays, Operations Manager must have a role and user account that grants privileges to execute certain commands via the filer’s API. The filer administrator must configure the role and user account. When you add the NetApp filer as a target, you enter credentials for the user that has the necessary role. Then Operations Manager can log into the filer to perform discovery, analysis, and perform actions.

To specify this information, log into the NetApp filer with a command-line shell. Then use Data ONTAP commands to create a role with API privileges, a group that exposes that role, and a user that is a member of that group.

  • Create a role with API privileges
    Enter the following command:
    useradmin role add role_name -a capability1[,capability2 ...]
    This role will give Operations Manager the ability to execute every API command that is supported by the filer OS. For security reasons, you should create the role with a comma-delimited list of API capabilities. For the minimal list of capabilities you must give Operations Manager, see the table below.
  • Create a group and assign the role to it
    Enter the following command:
    useradmin group add group_name [-c comments] -r role_name
    For example:
    useradmin add VMTurboGroup -r VMTurboRole
    This creates a group that exposes the role named VMTurboRole.
  • Create a user that is a member of the group
    Enter the following command:
    useradmin user add user_name -g group_name
    For example: 
    useradmin user add VMTurboUser -g VMTurboGroup
    This will create a new user that is a member of the VMTurboGroup. When you execute the above command, the OS will prompt you for the user’s password. After you provide the password, the OS creates the user account. You can then use those credentials when you specify the given filer as a NetApp target.

 

Required Capabilities for Operations Manager Access of NetApp Filers

To securely administer users, groups, and roles, you should not configure roles with global access unless you have a specific need. For Operations Manager to access NetApp filers, you can provide it with a subset of the Data ONTAP API capabilities. The following table shows the minimal list of capabilities you must provide:

Inspection CapabilitiesExecution Capabilities
  • api-aggr-list-info
  • api-disk-list-info
  • api-fcp-node-get-name
  • api-flash-device-list-info
  • api-igroup-list-info
  • api-iscsi-node-get-name
  • api-lun-initiator-list-map-info
  • api-lun-map-list-info
  • api-lun-list-info
  • api-net-ifconfig-get
  • api-nfs-exportfs-list-rules-2
  • api-options-list-info
  • api-system-get-info
  • api-system-get-version
  • api-volume-list-info
  • api-snapshot-list-info
  • api-perf-object-get-instances
  • api-perf-object-instance-list-info
  • api-perf-object-counter-list-info
  • api-qtree-list
  • security-api-vfiler
  • api-vfiler-list-info
  • api-volume-options-list-info
  • login-http-admin
  • login-*
    (may be necessary when using
    external users — AD)
  • api-volume-create
  • api-volume-size
  • api-volume-offline
  • api-volume-online
  • api-volume-destroy
  • api-aggr-add
  • api-aggr-create
  • api-aggr-offline
  • api-aggr-online
  • api-aggr-destroy

 

 

 

 

See the attached document which describes how to add a NetApp Storage Controller as Target device to your VMTurbo Operations Manager.   This document also outlines the permissions required to complete the setup.

Have more questions? Submit a request

Comments