NetApp AutoSupport On Demand
NetApp AutoSupport On Demand (previously this functionality was in the form of a Remote Support Agent or RSA) is an agent on ONTAP systems that allows it to run commands on your storage system in case of contacting technical support. It is arranged like this: AOD connects to the NetApp cloud and requests commands for execution from technical support - everything is secure, you do not need to open holes in the firewall, the connection always comes from the storage system to support.netapp.com, and not vice versa.
The teams that request technical support cannot change anything on the storage system, but only view the status of volyums, moons, controllers, etc. Naturally, the contents of the volums and moons cannot be copied to the NetApp cloud. Only system logs are sent to the NetApp cloud.
Each NetApp FAS controller has a management port onboard with an image of a key, which is called Wrench port. Not to be confused with ACP (key + lock).
')
This physical port has two MAC addresses. One for the management interface and ONTAP management, it is called e0M and is available only when the OS is loaded and working normally. The second MAC address is the interface for the Service Processor (SP), an analogue of iLO and IP KVM. SP is available even when the OS reboots, as long as the controller is powered up. Naturally, both e0M and SP have their own IP addresses. Each SP port always has only one IP, but e0M can have multiple IPs on one MAC address (Node Management, Cluster Management, VSM Management).
Console connection to SP or inside ONTAP can be made either directly using a console roll-over cable, or via SSH.
So it was before, before ONTAP9: RSA lived on each node in SP, and accessed the e0M interface to the OS ONTAP IP address via the network, further tightened the system state, ran the necessary commands and copied their output to itself. Next, RSA connected to support.netapp.com , unloaded all the information just collected and requested a new set of commands for execution. The cycle was repeated if the tech support put on the execution of new commands.
Naturally, RSA should be able to communicate over IP with OS ONTAP, for this you need to either use the same IP subnet for e0M and SP, or different, but then configure the “router on a stick”. On the one hand, RSA should be able to connect to ONTAP and, on the other hand, to support.netapp.com via HTTPS. On OS ONTAP itself, you need to configure the access protocol, as well as the user with whom RSA will connect and execute requests. RSA can even pull Core Dumps if the controller rebelled in a panic.
The configuration document for the Remote Support Agent Configuration Guide can be found by clicking on the link and selecting your version of ONTA (All Documents). To access the documentation on the support site, you may need a NetApp NOW ID login.
AOD performs exactly the same RSA function, but is not in SP, but in ONTAP on each node of the cluster. Starting with the ONTAP 9 version of the software (firmware), the RSA functionality was transferred from the SP (now RSA is not in the SP), inside ONTAP. This will allow the benefits of AOD to be enjoyed not only by the owners of the FAS hardware platform, but also by its virtual counterparts ONTAP Select and ONTAP for Cloud, and also greatly simplifies its configuration, unlike RSA. If you have ONTAP9 and AutoSupport is turned on (and the minimum list of requirements is met ), you do not need to configure AOD (as RSA): AutoSupport configured to work on https automatically turns on AOD.
Some simple conditions must be met:
More details .
AOD and RSA, of course, do not eliminate the need for the owner of the storage system to participate in resolving any issues. But it greatly simplifies and speeds up this process, especially this is necessary, in those moments when the speed of technical support reaction is really very important. Using RSA / AOD is especially convenient when systems are scattered around the country and there are no local administrators who serve them. I often set up RSA and AutoSupport with customers, even if there is a good competence in NetApp, I recommend and you always include them. Turn on AOD in advance;)
I ask to send messages on errors in the text to the LAN .
Comments, additions and questions on the article on the contrary, please in the comments .
The teams that request technical support cannot change anything on the storage system, but only view the status of volyums, moons, controllers, etc. Naturally, the contents of the volums and moons cannot be copied to the NetApp cloud. Only system logs are sent to the NetApp cloud.
Internal device Management connections in FAS platforms
Each NetApp FAS controller has a management port onboard with an image of a key, which is called Wrench port. Not to be confused with ACP (key + lock).
')
This physical port has two MAC addresses. One for the management interface and ONTAP management, it is called e0M and is available only when the OS is loaded and working normally. The second MAC address is the interface for the Service Processor (SP), an analogue of iLO and IP KVM. SP is available even when the OS reboots, as long as the controller is powered up. Naturally, both e0M and SP have their own IP addresses. Each SP port always has only one IP, but e0M can have multiple IPs on one MAC address (Node Management, Cluster Management, VSM Management).
Console
Console connection to SP or inside ONTAP can be made either directly using a console roll-over cable, or via SSH.
RSA
So it was before, before ONTAP9: RSA lived on each node in SP, and accessed the e0M interface to the OS ONTAP IP address via the network, further tightened the system state, ran the necessary commands and copied their output to itself. Next, RSA connected to support.netapp.com , unloaded all the information just collected and requested a new set of commands for execution. The cycle was repeated if the tech support put on the execution of new commands.
Requirements for RSA
Naturally, RSA should be able to communicate over IP with OS ONTAP, for this you need to either use the same IP subnet for e0M and SP, or different, but then configure the “router on a stick”. On the one hand, RSA should be able to connect to ONTAP and, on the other hand, to support.netapp.com via HTTPS. On OS ONTAP itself, you need to configure the access protocol, as well as the user with whom RSA will connect and execute requests. RSA can even pull Core Dumps if the controller rebelled in a panic.
The configuration document for the Remote Support Agent Configuration Guide can be found by clicking on the link and selecting your version of ONTA (All Documents). To access the documentation on the support site, you may need a NetApp NOW ID login.
AOD
AOD performs exactly the same RSA function, but is not in SP, but in ONTAP on each node of the cluster. Starting with the ONTAP 9 version of the software (firmware), the RSA functionality was transferred from the SP (now RSA is not in the SP), inside ONTAP. This will allow the benefits of AOD to be enjoyed not only by the owners of the FAS hardware platform, but also by its virtual counterparts ONTAP Select and ONTAP for Cloud, and also greatly simplifies its configuration, unlike RSA. If you have ONTAP9 and AutoSupport is turned on (and the minimum list of requirements is met ), you do not need to configure AOD (as RSA): AutoSupport configured to work on https automatically turns on AOD.
Requirements for AOD
Some simple conditions must be met:
- Configure your network for OS ONTAP access to mysupport.netapp.com : perform switching, setting up your firewall (if any), proxy server (if any)
- If you use a proxy server to access the Internet, make settings in ONTAP
- When configuring AutoSupport, select the HTTPS protocol to connect
- Enable AutoSupport
More details .
findings
AOD and RSA, of course, do not eliminate the need for the owner of the storage system to participate in resolving any issues. But it greatly simplifies and speeds up this process, especially this is necessary, in those moments when the speed of technical support reaction is really very important. Using RSA / AOD is especially convenient when systems are scattered around the country and there are no local administrators who serve them. I often set up RSA and AutoSupport with customers, even if there is a good competence in NetApp, I recommend and you always include them. Turn on AOD in advance;)
I ask to send messages on errors in the text to the LAN .
Comments, additions and questions on the article on the contrary, please in the comments .
Source: https://habr.com/ru/post/280438/
All Articles