Configure and Register NetApp ONTAP
Check your NetApp ONTAP requirements and minimum permissions, then register your ONTAP sources with Cohesity DataProtect as a Service.
For information on the supported cloud regions where you can back up this source, see Supported Workloads and Cloud Regions.
To add NetApp ONTAP as aCohesity DataProtect as a Service source:
-
Confirm that you have met the NetApp ONTAP requirements below.
-
Check the supported NetAppONTAP versions and volumes.
-
Check the minimum permissions.
-
Register your NetApp ONTAP source.
To register other NAS types, see Register Generic NAS Sources or Configure and Register Isilon NAS.
NetApp ONTAP Requirements
To register your NetApp ONTAP with Cohesity DataProtect as a Service, confirm you meet the following prerequisites:
-
Bidirectional TCP ports 111, 443, 445, 635, and 2049 are open in the firewall between your SaaS Connector and NetApp ONTAP. For details, see Ports Used for Communication below.
-
The NetApp ONTAP SVM that you plan to protect have:
-
An active logical interface attached to the SVM.
-
The NFS and CIFS services configured on the SVM.
-
-
The Make snapshot directory (.snapshot) visible option is enabled for all NetApp ONTAP volumes that you plan to protect.
Support Matrix
Before you register your NetApp ONTAP with Cohesity DataProtect as a Service, ensure that the Cohesity supports the NetApp ONTAP versions and volumes you want to protect.
Supported NetApp ONTAP Versions
Cohesity DataProtect as a Service supports data protection of NetApp ONTAP versions 8.2, 8.3, 9.1, 9.2, 9.3, 9.5, 9.6, 9.7, 9.8, 9.9.1, 9.10.x. 9.11.x, 9.12.x.
Supported NetApp ONTAP Volumes
The supported NetApp ONTAP versions and volume types for backup are:
|
Volume Type |
Volume Subtype |
|---|---|
|
Flex Volume |
Normal Flex Volume |
|
Data Protection Volume
|
SnapMirror Destination Volume |
|
SnapVault Destination Volume |
Supported NFS and SMB versions
The supported NFS and SMB versions for backup are:
|
Protocol |
Version |
Notes |
|---|---|---|
|
NFS |
NFSv3 |
If NFSv4 volume backup is triggered, Cohesity DataProtect as a Service will take the backup in NFSv3 mode. |
|
SMB |
SMB v2.x and v3 |
SMB v1 is not supported in Cohesity DataProtect as a Service. |
Minimum Permissions
Ensure the user account you use to register your NetApp ONTAP SVM or NetApp ONTAP cluster has the required permissions to communicate with the Cohesity DataProtect as a Service.
Minimum Permissions for NetApp ONTAP Cluster
Before registering a NetApp ONTAP cluster as the source type, ensure the user account has the following command permissions:
|
Access Level |
Command |
Description |
Protocol |
|---|---|---|---|
|
All
|
vserver export policy |
Adds the Cohesity SaaS Connector IP to the export policy so that Cohesity DataProtect as a Service can mount volumes. |
NFS |
|
volume snapshot |
Allows fetching, creating, and deleting snapshots for volumes. |
SMB / NFS |
|
|
ReadOnly
|
vserver cifs |
Fetches information about CIFS/SMB shares for volumes. |
SMB / NFS |
|
cluster identity |
Fetches information about the cluster. |
SMB / NFS |
|
|
network interface |
Fetches information about network interfaces that the Cohesity DataProtect as a Service connects to for mounting volumes. |
SMB / NFS |
|
|
volume |
Fetches information about volumes. |
SMB / NFS |
|
|
vserver |
Fetches information about SVM |
SMB / NFS |
Minimum Permissions for NetApp ONTAP SVM
When registering a NetApp ONTAP SVM as the source type, ensure the user account has the following command permissions:
|
Access Level |
Command |
Description |
Protocol |
|---|---|---|---|
|
All
|
vserver export policy |
Adds the Cohesity SaaS Connector IP to the export policy so that Cohesity DataProtect as a Service can mount volumes. |
SMB / NFS |
|
volume snapshot |
Allows fetching, creating, and deleting snapshots for volumes. |
SMB / NFS |
|
|
ReadOnly
|
vserver cifs |
Fetches information about CIFS/SMB shares for volumes. |
SMB |
|
network interface |
Fetches information about network interfaces to which the Cohesity DataProtect as a Service connects for mounting volumes. |
SMB / NFS |
|
|
volume |
Fetches information about volumes. |
SMB / NFS |
|
|
vserver |
Fetches information about SVM. |
SMB / NFS |
Minimum Permissions for SMB/CIFS Shares Backup and Recovery
To back up NetApp ONTAP SMB/CIFS shares, the user must have local or domain user credentials that allow at least read access to the SMB share.
To recover the SMB/CIFS shares, the local or domain user must have full access control on the target where the data is being restored.
Minimum Permissions for NFS Export Backup and Recovery
For Backup. To back up an NFS export, the user must have read and superuser access permissions on the NFS volume to be backed up and on the parent root volume. Before starting the backup, Cohesity DataProtect as a Serviceverifies that the user has these permissions and if not, Cohesity adds a new export rule for the Cohesity SaaS Connector IP with the required permissions in the export policy attached to the backup volume.
If there is already an existing export rule for the Cohesity SaaS Connector IP with a lower rule index value, then this existing export rule will override the export rule added by Cohesity for the Cohesity SaaS Connector IP. In such scenarios, you must manually update the existing export rule with the required permissions for the Cohesity SaaS Connector IP.
For the parent root volume, you must manually add the permissions for the Cohesity SaaS Connector IP.
For Recovery. To recover an NFS export, the user needs read/write and superuser access permissions on the NFS volume to be restored. Before starting the restore, you must add a new rule index for the Cohesity node subnet in the export policy attached to the source volume and parent root volume to give the necessary permissions to the Cohesity SaaS Connector IP.
Credentials for NetApp ONTAP Backup with Multiple SVMs
To register NetApp ONTAP with multiple SVMs, create a custom role with the required permissions and a local user at the SVM level. Assign the custom role to the local user. Use the respective local user account to register multiple SVMs.
Ports Used for Communication
Ensure the following ports are open in the firewall (for your backup and recovery traffic) between your SaaS Connector and NetApp ONTAP:
|
Port |
Source |
Target |
Direction |
Network Protocol |
Usage |
|---|---|---|---|---|---|
|
111 |
NetApp |
Saas Connector |
Bidirectional |
TCP/UDP |
Required for RPC connection |
|
443 |
NetApp |
Saas Connector |
Bidirectional |
TCP/UDP |
Required for HTTPS connection with NetApp |
|
445 |
NetApp |
Saas Connector |
Bidirectional |
TCP |
Required for SMB |
|
635 |
NetApp |
Saas Connector |
Bidirectional |
TCP/UDP |
Required for NFS |
|
2049 |
NetApp |
Saas Connector |
Bidirectional |
TCP/UDP |
Required for NFS |
Considerations
Review and understand the following limitations before you protect your NetApp ONTAP data with Cohesity DataProtect as a Service:
-
Instant Volume Mount for NetApp ONTAP stub file is not supported.
-
You cannot restore the NetApp Data-Protect volume to the original location or to an alternate Data-Protect volume because the Data-Protect volume is a read-only volume.
-
Cohesity does not support the backup of the following NetApp ONTAP volumes:
-
FlexGroup Volume.
-
Flex Volume subtypes SnapLock Enterprise Volume, SnapLock Compliance Volume, and Encrypted Volume Storage.
-
Register NetApp ONTAP
To register NetApp:
-
In DataProtect as a Service, navigate to the Sources page and click + Register Source in the upper-right corner of the page.
-
In the Select Source dialog box, select NAS.
-
In the Type: drop-down, select NetApp and click Start Registration.
-
In the Register NetApp dialog box, select an existing SaaS connection marked Unused or click Create SaaS Connection and follow the instructions in Deploy SaaS Connector, and then click Continue.
-
Choose between NetApp ONTAP cluster and SVM. Select:
-
Cluster to register a NetApp ONTAP cluster.
-
VServer/SVM to register a NetApp ONTAP SVM.
-
-
In the Username field, enter the username used to access the NetApp ONTAP cluster or SVM. Specify a user that has adequate privileges to perform actions on the source. See Minimum Permissions above for details.
The username used to register the NetApp ONTAP cluster and SVM is case sensitive.
-
In the Password field, enter the password for the specified user.
-
In the Hostname or IP Address field, enter the hostname or IP address of the NetApp ONTAP cluster or SVM to register.
-
Click Continue.
-
If you are backing up SMB volumes or mixed-mode volumes, enable SMB Volumes Access and provide the local or Active Directory user credentials that allow at least read access on the NetApp ONTAP cluster or SVM.
-
Enable Exclude IPs and specify the IP addresses of the NetApp ONTAP source through which the communication to the Cohesity DataProtect as a Service must not happen. You can enter the IP addresses in a comma-separated list or in a CIDR format.
-
Click Complete.
Your NetApp ONTAP is now a registered source in your Cohesity DataProtect as a Service. and ready to be protected.
If you plan to stop protecting a NAS source, you can remove it from Cohesity DataProtect as a Service. Navigate to Sources, click the Actions menu (
) next to the NAS source and select Unregister. In the Unregister Source dialog, click Unregister.
Next > You're ready to protect your NetApp ONTAP NAS volumes and data.
