
What’s the Big Deal with Cloud Manager SaaS?

September 2, 2020

Topics: Cloud Manager Advanced | 7 minute read

We recently announced the new evolution of NetApp Cloud Manager, which now provides you with a complete Software-as-a-Service experience. The new Cloud Manager is an advanced, centralized, API-driven platform with extended management capabilities, unifying all of NetApp’s Cloud Volumes storage solutions, cloud data services, and automation processes. The new Cloud Manager makes it easier to consume and configure NetApp’s public cloud services and manage your data as a whole in a modern hybrid multicloud environment. Its ultimate goal is to provide you with autonomous storage operations to fulfill any need required by your data and increase your operational efficiency so you can use more cloud at less cost. With this big change, many questions and concerns have been raised, which we address in this blog.

What is SaaS?

In today’s cloud computing solutions for business IT issues, everything is offered as a service. At one end is Infrastructure-as-a-Service (IaaS), where the cloud provider hosts the required hardware, software, storage, and other components. Next is Platform-as-a-Service (PaaS), which allows consumers of the cloud to develop, run, and manage their applications without having to care about the associated infrastructure. At the top is Software-as-a-Service (SaaS), where vendors and suppliers manage the software seamlessly and no installation is required, since the software is distributed through the internet. The SaaS delivery model is growing in popularity because it offers many business advantages (discussed later in this blog), significant operational efficiencies, and cost savings.

The Evolution of Cloud Manager

Until recently, using Cloud Manager required the Cloud Manager software package to be deployed on a compute instance within your environment. Today, all you need is a URL.

Previously, to get started with Cloud Manager you had to deploy it on a compute instance in your cloud of choice (AWS, Azure or Google Cloud) or in your on-prem network. Whenever a management task had to be performed, the user interacted directly with the compute instance that was running Cloud Manager, and these tasks were translated into requests sent to the cloud providers for fulfillment.

Now that Cloud Manager has transitioned to SaaS, it is accessible simply and securely through the internet by navigating your browser to https://cloudmanager.netapp.com. Using some of the services and storage solutions, such as Cloud Volumes ONTAP, Cloud Compliance, Cloud Backup, etc., requires you to install a software service called a Connector (go to Learn about Connector for the complete list of services). The Connector is software that enables Cloud Manager to manage resources and processes within your public cloud environments. For those who are already familiar with Cloud Manager’s previous evolution, the Connector is the same Cloud Manager software package you have already deployed. This also means you can still access Cloud Manager through its private IP address from within the VPC or VNet the Connector was deployed in.

What’s in It for You?

With any SaaS solution several benefits can be clearly identified, such as: cost optimization, accessibility from anywhere and from any device, reduced onboarding time and time to benefits, as well as scalability and seamless integration with other services, more frequent releases and seamless upgrades, and being able to easily perform proof of concept and more.

The transition of Cloud Manager to a SaaS model provides the following immediate benefits:

  • Unified management – An advanced, API-driven, centralized control plane that unifies all of NetApp’s ONTAP-based data storage solutions, no matter where they are, with seamless integration to cloud data services.
  • Faster starting point - Available securely through the internet without installing any software or the need to be connected to the corporate network or VPC/VNet.
  • Extended storage services - Azure NetApp Files and Cloud Volumes Service for AWS and Google Cloud can be consumed and managed without any software deployment.
  • Increased operational efficiency when operating in multiple environments
    • A user associated with multiple NetApp Cloud Central Accounts (Tenant Accounts), can easily switch to a different one and see all Connectors and Working Environments associated with it.
    • When multiple Connectors are deployed in different networks and cloud providers, you can easily switch between them.
  • Quick turnaround - Accelerated development cycles due to development consistency in all our services allow us to meet your challenges and provide a solution faster than ever.

For additional information go to the Cloud Manager transition to SaaS page.

What About Security?

As with any cloud service, security concerns, mostly related to data and access, are often top of mind for those who use it, since visibility and control over the data are limited and data is stored with a third-party provider and accessed over the internet. In addition, in most cases the shared responsibility models in use leave these two areas to the customer to manage. Therefore, it is imperative to understand the components of the solution, to know what data the solution maintains and where it is stored, and to examine what security measures are in place to protect your data at rest and in flight.

[Figure: Cloud Manager SaaS high-level architectural diagram]

Looking at the Cloud Manager SaaS high-level architectural diagram above, we can distinguish between three types of data involved: user data, services data and meta data.

User data can be considered as any kind of data generated by users, applications, services, IoT devices, etc. that is eventually stored in the data storage solutions (Cloud Volumes ONTAP, Cloud Volumes Service, Azure NetApp Files, etc.). User data is protected in these systems by a wide range of data protection measures such as encryption, access controls, snapshots, replication, etc. User data NEVER PASSES ON to or through Cloud Manager SaaS and NEVER LEAVES the customer network.

Services data is the data that is created, collected and generated by the data services (Cloud Compliance, Cloud Backup, Global File Cache, Cloud Tiering, etc.) such as Cloud Backup’s backups catalog or backup policy, or Cloud Compliance’s data classification records and personal/sensitive information mappings as well as auditing, logging and service credentials details. The services data is only stored on the Cloud Manager Connector within the customer network.

Meta data is data that describes other data. It is generated by the Connector when it polls requests from the Cloud Manager SaaS, and it is used for display purposes only. This is the only data that flows securely through Cloud Manager SaaS to the user’s web browser, and it is not saved whatsoever.

When it comes to access, end-to-end secure communication is provided. When users direct their browser to https://cloudmanager.netapp.com, the same secured authentication process as before takes place. The user is first asked to log in to NetApp Cloud Central, a centralized location to access and manage NetApp cloud services, and is authenticated with Auth0. After successful authentication, a TLS handshake (the NetApp certificate is hosted at Amazon) is performed, ensuring all communications between the user and the Cloud Manager SaaS are secured with HTTPS and forming one end of the secured channel.

The connection between the Cloud Manager SaaS and the Connector, located within the VPC/VNet, is also secured using HTTPS based on a NetApp certificate, forming the other end of the secured channel. In addition, this connection is outbound only, with no inbound communication whatsoever, meaning only the Connector initiates operations. The Connector is responsible for polling the user requests from Cloud Manager SaaS, processing them, and posting the responses back to Cloud Manager SaaS, which in turn replies to the user.

When a user request is for data services information (Cloud Backup Service, Global File Cache, Cloud Tiering, etc.), the Connector sends that data over the established end-to-end secured channel, where only the Cloud Manager SaaS is in the middle. When the request is for Cloud Compliance’s information, security is hardened further, and any data transmitted from the Connector to the user is end-to-end encrypted. The Connector and the user’s browser go through a key exchange process, ensuring no one in the middle (including Cloud Manager SaaS) can decipher and read compliance data.
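The outbound-only polling model and the browser-to-Connector key exchange described in the two paragraphs above can be sketched as follows. This is an added example, not NetApp code: the Relay class, the message fields, and the choice of X25519, HKDF-SHA256 and AES-256-GCM are assumptions made for illustration, and it assumes each side obtains the other's public key authentically.

```javascript
// Added illustration, not NetApp code. X25519 + HKDF-SHA256 + AES-256-GCM are assumed choices.
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
        createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Hypothetical relay standing in for the SaaS tier: it queues opaque JSON and never
// dials the Connector; `seen` records everything it could observe.
class Relay {
  constructor() { this.queue = []; this.replies = new Map(); this.seen = []; }
  submit(req) { this.seen.push(JSON.stringify(req)); this.queue.push(req); }
  poll() { return this.queue.shift() ?? null; }   // invoked by the Connector (outbound only)
  post(id, reply) { this.seen.push(JSON.stringify(reply)); this.replies.set(id, reply); }
  fetch(id) { return this.replies.get(id); }
}

const exportPub = (pair) =>
  pair.publicKey.export({ format: 'der', type: 'spki' }).toString('base64');

// ECDH shared secret -> 256-bit AES key. Assumes the peer key is authentic;
// otherwise the party in the middle could substitute its own key.
function sessionKey(privateKey, peerPubB64) {
  const der = Buffer.from(peerPubB64, 'base64');
  const publicKey = createPublicKey({ key: der, format: 'der', type: 'spki' });
  const secret = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

function seal(key, text) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: c.getAuthTag().toString('base64') };
}

function open(key, msg) {   // throws if ciphertext or tag was altered in transit
  const d = createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
  d.setAuthTag(Buffer.from(msg.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(msg.ct, 'base64')), d.final()]).toString('utf8');
}

function exchange(record) {
  const relay = new Relay();
  const browser = generateKeyPairSync('x25519'), connector = generateKeyPairSync('x25519');
  relay.submit({ id: 1, op: 'compliance-report', pub: exportPub(browser) }); // browser -> relay
  const req = relay.poll();                                                   // Connector polls
  const body = seal(sessionKey(connector.privateKey, req.pub), record);
  relay.post(req.id, { pub: exportPub(connector), body });                    // Connector -> relay
  const reply = relay.fetch(1);                                               // browser reads reply
  const browserKey = sessionKey(browser.privateKey, reply.pub);
  return { text: open(browserKey, reply.body), relaySaw: relay.seen.join('\n'), reply, browserKey };
}
```

The relay only ever holds two public keys and an AES-GCM ciphertext, and a reply modified in transit fails authentication in `open` rather than decrypting to altered text.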

Conclusion

As with all Software-as-a-Service solutions, including our new Cloud Manager SaaS, many benefits are immediately achieved. However, security concerns, mainly related to data and access, are raised since visibility and control are limited and data is sometimes stored with a third-party provider and is accessed over the internet. The new Cloud Manager is architected to be highly secured and to hold no data – user data never leaves the customer network and data services information is always sent through a secured end-to-end communication channel, and in the case of Cloud Compliance, another layer of security was added. The new Cloud Manager is a platform for modern hybrid cloud storage management, making it easier to consume and configure NetApp’s public cloud services while maintaining optimal security.

To get more information go to Cloud Manager's homepage.

Oded Berman, Cloud Evangelist
