| sidebar | permalink | keywords | summary |
|---|---|---|---|
sidebar |
faq_saas.html |
faq, frequently asked questions, questions |
This FAQ answers key questions associated with the new Cloud Manager SaaS release. |
This FAQ answers key questions associated with the new Cloud Manager SaaS release.
-
A unified API and UI
A unified and centralized API control plane for all NetApp ONTAP-based storage solutions, providing customers with management and control of the following:
-
Azure NetApp Files
-
Cloud Volumes Service for AWS
-
Cloud Volumes Service for Google Cloud
-
Cloud Volumes ONTAP
-
-
Seamless integration with NetApp data services
For smooth integration, storage solutions come built-in with data services that can be easily integrated.
-
Centralized management of multiple environments
Deployment and management of multiple environments is now simplified. With previous releases, a customer had to deploy Cloud Manager instances in every desirable location. With the new release, the Cloud Manager agent is now renamed to Connector.
Users with multiple NetApp Cloud Central Accounts or Connectors can easily switch between different accounts and environments.
-
Public endpoint for API and UI
With the new release you can access the API and GUI for your Cloud Manager securely via https://cloudmanager.netapp.com.
As mentioned, the Cloud Manager instance deployed in a customer’s network is now called a Connector.
The role of the Connector hasn’t changed. It has the same purpose as before—to manage resources and processes within the customer’s public cloud network.
No, you should not. The Connector is the same software that was used to manage resources and processes within your public cloud environments, such as deploying and managing Cloud Volumes ONTAP, enabling Cloud Backup Service, deploying Cloud Compliance, and more.
A SaaS-based subscription is available from your cloud provider’s marketplace to pay for the following as you go:
-
Cloud Volumes ONTAP (starting with version 9.6 in AWS and GCP, and version 9.7 in Azure)
-
Cloud Backup
-
Cloud Compliance
-
Cloud Tiering
For Cloud Volumes ONTAP, Cloud Backup, and Cloud Tiering, you also have the option to purchase licenses directly from NetApp. In those cases, a SaaS-based subscription isn’t required.
A SaaS-based subscription is the only way to pay for Cloud Compliance.
When you get started with these services, Cloud Manager prompts you to subscribe if a subscription isn’t in place. You’ll only need to subscribe once—Cloud Manager uses the same subscription for each of these services.
The following links provide pricing and subscription details for these services.
-
Cloud Volumes ONTAP
-
Cloud Backup
-
Cloud Tiering
-
Cloud Compliance
Can I still use my Cloud Manager the same way that I did before (locally through the instance deployed in my VPC)?
Yes, you can do that by clicking the Connector menu and clicking Go to local UI or by entering the Connector’s IP address directly into your web browser.
Nothing is needed. Just browse to https://cloudmanager.netapp.com and start working. Obviously, access to Cloud Manager is only granted to authorized users.
No. It’s where it’s always been—in your VPC or VNet, under your management.
It’s operated securely by NetApp in the public cloud.
No data is stored in the Cloud Manager SaaS service layer.
The SaaS platform is used as a secure pipeline for API calls (HTTPS with a NetApp-signed certificate) between the user’s web browser and the local Connector or the different NetApp services integrated into Cloud Manager.
The Connector/Cloud Manager has not changed. It’s storing the same data that it did in the previous release. It only holds metadata required to manage resources and processes within your public cloud environments, such as deploying and managing Cloud Volumes ONTAP, enabling Cloud Backup Service, deploying and using Cloud Compliance, and more (see the Learn about Connectors page for the complete list of services).
Data from the Connector to the customer is transported via HTTPS, encrypted and signed by a NetApp certificate. The SaaS-based UI serves as a secure pipeline between the client web browser and the Connector. That means the data from the Connector can be accessed only by authorized users.
For customers utilizing the Cloud Compliance service, it is now encrypted end-to-end. The key exchange takes place between the web browser and the Connector, so NetApp can’t read any of the data. Learn more about Cloud Compliance.
The data is encrypted end-to-end. The key exchange takes place between the web browser and the Connector, so NetApp can’t read any of the data.
What kind of network direction access is used for the SaaS-based UI and API to access the Connector?
-
Communication from the customer’s VPC/VNet to the SaaS-based UI is only outbound, which means it’s only initiated by the Connector.
-
The Connector polls for updates from the SaaS-based service tier on a secure channel.
-
All API calls use authentication and authorization to ensure that access is secure.
This means that no additional ports/endpoints in your network need to be opened.
-
Communication between the user’s browser client and the SaaS-based UI uses HTTPS with a NetApp-signed certificate.
No, the login flow has stayed the same as the previous release. When a user logs in (SSO or credentials), they are authenticated against Auth0, just like before.
Note the following:
-
If SSO or Federation is in place, the same security procedures that were being used are still in place. Access is federation at your company’s facility. When utilizing federated access, you can add MFA (at your company’s discretion) for heightened security.
-
There are no changes to roles or permissions. Only users who are registered with the Cloud Central account can access the SaaS-based endpoints.
-
Usage of Incognito Mode or a configuration where 3rd party cookies are not allowed in your client browser is currently not supported.