Getting Started with Cloud Volumes ONTAP in AWS: The Setup Walkthrough

  • Introduction
  • Key Design Considerations
  • AWS Marketplace Subscription
  • AWS Account & Permissions
  • NetApp Cloud Manager Deployment
  • Conclusion


Cloud Volumes ONTAP enables enterprise customers to meet various cloud requirements such as lift and shift data migrations, disaster recovery, and backup, helping customers accelerate time to market and realize the true value of cloud within a short space of time.

NetApp Cloud Manager provides simplified, centralized, single-pane-of-glass management, monitoring, and automation for the end-to-end hybrid and multi-cloud storage environments. 

This guide will walk you through the prerequisite considerations and setting up Cloud Volumes ONTAP on AWS, including the Cloud Manager deployment steps required for you to successfully start deploying volumes

Key Design Considerations

This section highlights the key design considerations which need to be understood and addressed prior to a Cloud Manager and a Cloud Volumes ONTAP deployment.

  • AWS subscription

    • Before you start the deployment of Cloud Manager and Cloud Volumes ONTAP on AWS, you need to have an active AWS subscription.
    • If you don’t have an AWS subscription, sign up for an account here. Note that since this account must not be on the free tier, a PAYGO account is recommended.
  • Supported AWS regions

  • Cloud Manager deployment option

    • Deploy Cloud Manager from NetApp Cloud Central on AWS (Main focus of this post).
    • Deploy Cloud Manager from AWS marketplace.
    • Install Cloud Manager installable in an on-premises data center.
  • AWS Key pair

    • Cloud Manager deployment from NetApp Cloud Central requires a valid AWS Key pair to be available within the region that the Cloud Manager appliance is being deployed.
    • If a key pair does not exist within your AWS subscription, this needs to be created prior to proceeding with the steps outlined below (Except for when Cloud Manager is deployed directly from the AWS Marketplace).
  • AWS Networking considerations

    • Cloud Manager requires network connectivity from the AWS VPC where it is deployed to the below endpoints:
      • All AWS VPC’s in each region where Cloud Volumes ONTAP will be deployed as explained here.
      • On-premises NetApp FAS/AFF devices for replication purposes (if applicable).
    • Users deploying Cloud Manager from their workstation web browser require network connectivity to the endpoints listed here
    • Cloud Manager is recommended to be deployed on a subnet / VPC with outbound internet access in order to deploy and manage Cloud Volumes ONTAP.

AWS Marketplace Subscription

In order for Cloud Manager to deploy Cloud Volumes ONTAP, users must be subscribed to Cloud Volumes ONTAP within the AWS Marketplace. This step is only required once, in order to accept and confirm the AWS EULA terms.
Watch here a demonstration of these steps.


1. Log into the AWS management console via an internet browser.

2. Visit the NetApp Cloud Volumes ONTAP solution on the AWS Marketplace (on the same browser sharing the same session credentials). Selects "Cloud Volumes ONTAP for AWS" (exact name):

Visit the NetApp Cloud Volumes ONTAP solution on the AWS Marketplace

3. Click "Continue to subscribe" at the top:

Cloud Volumes ONTAP for AWS - Product Overview

4. Click "Accept Terms":

Accept Terms

5. Verify subscription confirmation and close the browser tab/window: 

Close the browser tab/window

DO NOT click the “continue to configuration” option as Cloud Volumes ONTAP should only be deployed via Cloud Manager and not directly on the AWS Marketplace. All that is required here is to ensure the marketplace subscription is in place so that Cloud Manager has all the prerequisites required to automatically deploy the Cloud Volumes ONTAP appliance as needed.

AWS Account Permissions

When deploying Cloud Manager from NetApp Cloud Central, you need to use an AWS account that has sufficient permission within the AWS subscription to deploy the Cloud Manager instance.

In this section, we’ll show how to create an AWS account with the required IAM (Identity and Access Management) policy in order to prepare your AWS environment to deploy Cloud Manager. Watch here a demonstration of these steps.




1. Go to the Cloud Manager policies for AWS & Azure page

2. Click “I’m deploying Cloud Manager from NetApp Cloud Central” link:

deploy cloud 2-1


3. Click the "NetApp Cloud Central policy for AWS" hyperlink:



4. Copy the content of the JSON file that is required to create the IAM access policy on AWS:



5. Now go to the AWS management console and click on the "Services" menu at the top.
Click on IAM under "security, Identify & Compliance":



6. Go to Policies and click "Create Policy":

Credit POlicty-1


7. Click JSON and paste the content copied from the JSON file in step 4 above and click "Review policy." (Ignore any policy validation warnings that appears):



8. Provide a unique policy name (staying in line with any best practice naming conventions) and a description and click "Create policy":


You now have an IAM access policy called "NetAppCloudCentral".

9. Next we will define a new user and attach the policy to the new user. Go to the "Users" menu option on the left-hand side and click "Add user":



10. Add a new user and select the "Programmatic Access" check box. Click "Next: Permissions" when complete:



11. In the next window, select "Attach existing policies directly" and search for the policy created in Step 8 above and click "Next: Tags": 



12. Click "Next: Review" on the next screen.

13. Click "Create user" on the final screen:



14. In the next window, please make sure to note the "Access key ID", as these will be required for the initial deployment of Cloud Manager. Alternatively, you can download the credentials as a .csv file and store in a secure location:


Your AWS subscription is now prepared with the appropriate user account and associated access policy, and ready for NetApp Cloud Manager to be deployed.

NetApp Cloud Manager Deployment

Now that the prerequisites in AWS are completed, we can initialize the deployment steps for Cloud Manager. Watch here a demonstration of these steps.



1. Log in to NetApp Cloud Central and select "Fabric View" at the top right corner of the screen..

2. In the Fabric View, click "Start Free Trial" under Cloud Volumes ONTAP.

Screenshot 14-3


3. Select "AWS":

Screenshot 15-1


4. Provide the AWS Access Key and AWS Secret Key that were recorded for the new user account (Step 14 of the "AWS Account & Permissions" section above) and click "Continue". 

Screenshot 16-1


5. Now provide a name for the Cloud Manager instance, select the AWS region, VPC and subnet where the Cloud Manager instance needs to be deployed. 

Note that while Cloud Manager can be deployed to any AWS region, if you plan to deploy and manage Cloud Volume ONTAP instances in other regions, network connectivity between the Cloud Manager and Cloud Volumes ONTAP VPCs is required. (As outlined within the “Key design considerations” section above). An example of such a case may be in a disaster recovery use case where the secondary copy is typically deployed in a separate region. Click “Continue” when complete:

Screenshot 17-1


6. Under the Network settings, select the appropriate key paid and click continue:

Screenshot 18-1


7. Now create a new security group to be used by Cloud Manager or select an existing security group. For the purpose of this article, we will create a new security group and set communication permission from anywhere to the Cloud Manager instance using this deployment wizard: 

Screenshot 19-1

In a production deployment however, it is highly recommended to set strict access control to limit the network communication only to the specific Cloud Manager endpoints required for advanced security. If this security group was pre-created and already in place, it can be selected here instead of creating a new one. 

Click “Go” once complete.


8. Cloud Manager deployment has now started. This may take around 30 minutes to complete:

Screenshot 20-1


9. Once the deployment is completed, you will be automatically directed to the Cloud Manager management UI where you can start provisioning Cloud Volume ONTAP instances and creating additional working environments:



10. If you go to the AWS management console and browse through instances, you will see that the Cloud Manager appliance has successfully been deployed:

Screenshot 22-1


11. If you navigate to EC2 > Network & Security > Security groups, you will also notice the new AWS Security Group created during the Cloud Manager deployment. This can be modified to amend the inbound and outbound rules to secure the network access as required (recommended if no security group permissions were set during the Cloud Manager deployment):

Screenshot 23-1

There are optional additional configuration items that can also be performed once the Cloud Manager appliance has been deployed. Please refer to the below documentation for if required:


Now that you have all the necessary prerequisites in place, you can go ahead with deploying Cloud Volumes ONTAP in AWS and enjoy all the enterprise class data management features natively on AWS.