Getting Started with Cloud Volumes ONTAP in Azure: The Setup Walkthrough

  • Introduction
  • Key Design Considerations
  • User Permission Configuration
  • NetApp Cloud Manager Configuration
  • Conclusion


Cloud Volumes ONTAP enables enterprise customers to meet various cloud requirements such as lift and shift data migrations, disaster recovery, and backup, helping customers accelerate time to market and realize the true value of cloud within a short space of time.

NetApp Cloud Manager provides simplified, centralized, single-pane-of-glass management, monitoring, and automation for the end-to-end hybrid and multi-cloud storage environments. 

This guide will walk you through the prerequisite considerations and setting up Cloud Volumes ONTAP on Azure, including the Cloud Manager deployment steps required for you to successfully start deploying volumes

Key Design Considerations

This section highlights the key design considerations which need to be understood and addressed prior to a Cloud Manager and a Cloud Volumes ONTAP deployment.

  • Azure Subscription

  • Supported Azure regions

    Cloud Volumes ONTAP services are available in the Azure regions listed here.

  • Cloud Manager deployment options

    • Deploy Cloud Manager from NetApp Cloud Central on Azure (Main focus of this post).
    • Deploy Cloud Manager from Azure marketplace.
    • Install Cloud Manager installable in an on-premises data center.
  • Azure credentials

    Cloud Manager deployment from NetApp Cloud Central requires an Azure account that have rights to deploy the VM. An account with contributor rights can be used to deploy Cloud Manager. Else you can also create a custom role and assign to a user (refer section titled “User Permission configuration” to understand how to do this).

  • Azure Networking considerations

    • Cloud Manager requires network connectivity from the Azure VNet where it is deployed to the below endpoints:
      • All Azure VNets where Cloud Volumes ONTAP will be deployed as explained here.
      • On-premises NetApp FAS / AFF devices for replication purposes through Azure VPN.
    • Users deploying Cloud Manager from their workstation web browser require network connectivity to the endpoints listed here
    • Cloud Manager is recommended to be deployed on an Azure subnet with a public IP since it needs to be accessed from hosts outside of the Azure VNet.

User Permission Configuration

In this section, we’ll show how to create a role with permissions to deploy the Cloud Manager Virtual Machine from NetApp Cloud Central. Alternatively, if you have a user account with the built-in contributor permission, you can use it to deploy Cloud Manager and skip this section.

Watch here a demonstration of these steps.


1. Copy the JSON code from the Cloud Manager Azure policy which will be used to create a custom role called “Azure SetupAsService.”

2. Now you need to add your Azure subscription ID in the JSON file. Your Azure subscription ID can be found in Azure portal > Subscriptions > your subscription name > Properties. Copy the subscription id you find there:

Screenshot 23


3. Edit the JSON file downloaded in Step 1 and update the “AssignableScope” at the bottom with your subscription id:


You now have a custom role called “Azure SetupAsService”. In the next steps we will upload the new role to your Azure portal.

4. Click on Azure Cloud Shell in the Azure portal:



5. Click the upload option in the Cloud Shell to upload the JSON file:



6. Once the upload is complete, type the command “ls” in the Cloud Shell. The policy file will be available in the home folder. You can click on the maximize icon on the left-hand side to expand Azure Cloud Shell to full screen:



7. Run the following command from the Cloud Shell:
      az role definition create --role-definition policy.json


8. On successful execution, the role details will be displayed on Cloud Shell:


Now that you verified that the new role was uploaded, in the next steps we will assign the new role to the user who will deploy the Cloud Manager from Cloud Central.

9. In the Azure portal go to Subscriptions > Select your subscription > Access control (IAM). Click “+Add” and select “Add role assignment” from the drop-down menu:



10. From the roles drop down list, select the “Azure SetupAsService” role we created in Step 8:



11. Search for the Azure user account that you want to use to deploy NetApp Cloud Manager and click on “Save” to complete the role assignment:


The user now has the permissions to deploy Cloud Manager. 

NetApp Cloud Manager Configuration

Now that the prerequisites in Azure are completed, we can initiate the configuration for using NetApp Cloud Manager, which is required to create and manage the Cloud Volumes ONTAP systems.

Watch here a demonstration of these steps.


1. Sign up and log to NetApp Cloud Central and select "Fabric View" at the top right corner of the screen. 

2. In the fabric view, click on "Start Free Trial" under Cloud Volumes ONTAP:



3. Select Microsoft Azure to run the Cloud Manager:



4. You will get a login prompt for Azure. Sign in using the credentials to which role was assigned in Step 11 of the Configuration Prerequisites” section above.



5. In the Permissions request prompt, click on “Accept” to complete the sign-in process:



6. Provide a name for the Cloud Manager VM, a username, and password. Click on “Continue”:



7. Select the subscription, region, and the resource group.
If you plan to use the system for a DR use case or any other SnapMirror scenario, select the same resource group where your VNet and Virtual network gateway are located. 


Cloud Manager requires an outbound internet connection. For this walkthrough, we will enable the public IP. If there is an HTTP proxy configured in the network, give the proxy URL here. Leave it blank if there is no proxy:

8. Select the VNet and subnet. You can choose to enable a public IP for Cloud Manager or disable public access.



9. Create a new network security group that allows inbound HTTP, HTTPS, and SSH access. You can provide the source as anywhere (which is the default), provide custom IP, or select “My IP.” For this demo we will choose the default setting. Click on “Go” to create Cloud Manager in Azure.



10. Keep the page open until the deployment process is complete:



11. Once the deployment is completed, you will be redirected to Cloud Manager. You can now go ahead and create your first Cloud Volumes ONTAP instance:



Note:  If you go to the Azure portal, browse to the resource group which we selected in Step 8 above, you can see that a Network Security Group (NSG) is created with the required inbound outbound rules required for Cloud Manager:




Now that you have completed the setup process, you can go ahead and provision Cloud Volume ONTAP systems in Azure and enjoy the benefits of NetApp’s enterprise-class data management features.