Documentation

There is a few steps to get the virtual appliance up and running :

  • Deploy the virtual machine
  • Download NetApp Harvest and NMSDK from the NetApp web site
  • Use the web interface to install these products
  • Configure your systems credentials

Thanks to Matthias Rettl, there is a German installation guide available here

Deploying the OVA

Just point your browser to your vSphere Web Client, and use the Deploy OVF Template feature.

Use the contextual menu to find the “Deploy OVF Template” option.

Wait for the deployment to finish and boot the appliance.

Once booted, if there is a DHCP server on the network, it will get an auto assigned IP, otherwise, you need to configure the IP informations in the console.

Basic Configuration

On the console you should see the IP address, it is also displayed in vCenter under the VM properties.

==================================================
NAbox (2.3)
Harvest not installed
==================================================

Current IP address : 172.16.94.204

Connect to https://172.16.94.204/admin or login with 'admin'
to configure the virtual appliance

Connect to https://<ip>/admin/ to configure the virtual appliance.

The default credentials to connect to the Web UI or the console menu are :

  • Username : admin
  • Password : Netapp01

If you want to access the base appliance operating system (not necessary to use the appliance) you can login with:

  • Username : root
  • Password : NetappGrafanaVA

Login window

Click on the icon to go to the settings area. It is divided in 8 sections :

Network settings

Network Settings

Let you configure host name and IP address.

Time zone

Time zone

The time zone is important for data time accuracy and proper logging.

Note that if you disable NTP (the default) the time is synchronized with the hypervisor using VMware Tools.

Admin Password

Time zone

It is recommended to change the admin password and also the root password.

The Virtual Appliance stores sensible informations like passwords to your storage system, anyone capable of logging in as root can easily retrieve these passwords.

LDAP / Active Directory

LDAP / AD

Configuring an Active Directory or LDAP server in NAbox is easy but you need to make sure you have the correct informations. It is especially important that you make sure that parameters do not have extra space and respect the original character case.

It is recommended that you use the ADSI utility in Windows to browse your users and groups and copy/paste parameters from there.

Bind Account DN and Bind Account Password are the full DN for the user and its password. This is usually a service account created in Active Directory to get limited access to the directory.

Users Search Base DN(s) and Group Search Base DN(s) is usually something like DC=mydomain,DC=com, but in big organizations it might be necessary to restrict the search scope to something more specific.

In The Groups mapping section you specify the full DN for the groups according to Grafana roles that they must have.

It is not uncommon to set "*" (star) in the Viewer DN field to allow everyone to view the dashboards.

SSL

SSL

Use the SSL configuration to :

  • Re-generate the SSL certificate for NAbox as a Self Signed Certificate
  • Generate Certificate Signing Request (CSR) that your organization can approve and return to you a signed certificate that you can install.

The later is usual in high security environment and to avoid Self Signed Certificate warnings in your web browser

Backup / Restore

Backup / Restore

You can download a backup file containing the configuration of NAbox.

>Harvest configurations

Configuration for your systems and OCUM servers. The backup contains credential to the systems so you might want to keep it in a safe location

>Graphite Configuration

Graphite configurations related to specific data retention, additional blacklists, etc.

It is the content of the /conf/ directory of Graphite

>Grafana Configuration

Specific adjustments made into the Grafana main configuration file (SMTP server or other parameters related to LDAP integration for example).

>Dashboards

Exports your dashboards from Grafana.

Note that as a best praxtice you should nevers modify Harvest provided dashboards, as you’re taking the risk they will be overwritten with the next Harvest upgrade.

>Apache SSL certificate

Saves your custom certificates configured for NAbox web server.

>NABOX Configuration (Network & Timezone)

Other parameters related to NAbox itself.

>NTP Configuration

Backup the full configuration for NAbox NTP client

Migration

Migration

This interface lets you import metrics from another NAbox or ADVA.

Simply specify the source VA IP address and root credentials, as well as the local admin password and the migration will start and display the progress.

This will overwrite any metrics data that you have locally.

Maintenance

Time zone

You can upgrade and install products from this menu, as well as collect support data for troubleshooting.

Use this menu to install NAbox updates, new Harvest versions or NMSDK.

Install the NetApp components

Additional files needed

Before NAbox will collect data from NetApp systems, you must install the following products :

Then go in the Maintenance section of the settings menu to upload the packages.

Maintenance menu

Upload both Harvest and NMSDK packages in any order.

Once both files are uploaded, you should see the versions indicated, you can also click on the upper left corner to see the installed components.

About

Configure Harvest user

You should use a non privileged user to connect Harvest to your storage systems.

Here is the required privileges and how to create a dedicated user :

Configure role

On Clustered Data ONTAP

security login role create -role netapp-harvest-role -access readonly -cmddirname "version"
security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster identity show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "cluster show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "system node show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "statistics"
security login role create -role netapp-harvest-role -access readonly -cmddirname "lun show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "network interface show"
security login role create -role netapp-harvest-role -access readonly -cmddirname "qos workload show"        

On 7-mode

# Create role
useradmin role add netapp-harvest-role -c "Role for performance monitoring by NetApp Harvest" \
  -a login-http-admin,api-system-get-version,api-system-get-info,api-perf-object-*,api-ems-autosupport-log

Configure user

Clustered Data ONTAP <= 8.2.x

security login create -username netapp-harvest -application ontapi -role netapp- harvest-role -authmethod password

Clustered Data ONTAP >= 8.3

security login create -user-or-group-name netapp-harvest -application ontapi -role netapp-harvest-role -authmethod password

7-mode

# Create group
useradmin group add netapp-harvest-group -c "Group for performance monitoring by NetApp Harvest" -r netapp-harvest-role
# Create user
admin user add netapp-harvest -c "User account for performance monitoring by NetApp Harvest" \
  -n "NetApp Harvest" -g netapp-harvest-group

Add your first system

TLS Configuration

For 7-mode systems, make sure that TLS is enabled by setting :

options tls.enable on

Harvest page

Click on the Add System button to connect to a Clustered Data ONTAP system or 7-mode

Add System

Fill out the credentials and informations about the cluster. The value in gray are defaults and can be left as-is if appropriate.

Configured cDOT

Your cluster is now configured and collecting metrics.

Open Grafana

You can connect go to Grafana dashboard interface, within a few minutes, metrics will be visible.

Console Management

If you are in a situation where the web interface is not reachable, you can use the console to troubleshoot.

IP configuration

Use the console configuration if the web interface is not reachable for some reason.

By default, the virtual appliance uses DHCP. You can use the console, or ssh to connect with “admin” account. The default password is Netapp01.

Note that the root password if you ever need it is NetappGrafanaVA

  [Main Menu]

  You are using NAbox v2.2 (2016-12-13)

  [1] Configure Network (Current IP: 192.168.99.20)
  [2] Set Host Name
  [3] Set Timezone (America/New_York)
  [4] Advanced/Maintenance

  [5] Configure Harvest

  [6] Power Off
  [7] Reboot

  [x] Quit

  Choice : 1

Use menu 1 to configure the network.

[Network Configuration]

Method [static|dhcp]: static
IP Address       : 192.168.99.20
Netmask          : 255.255.255.0
Default GW       : 192.168.99.1
DNS 1            : 192.168.99.10
DNS 2 (or enter) :
Use a proxy for internet access ? (y/n)n

Once the network is configured, point your web browser to https://ip_address/admin and you can finish the installation and configure other aspects (password, timezone, clusters, OCUM servers, etc…)

Upgrading

Maintenance menu

When a new version of NAbox is available, you can use the upgrade package to perform the upgrade, you do not have to deploy a new virtual appliance.

After downloading the upgrade as a .tgz file, go in the wrench tool icon on the upper right hand corner and then go in the Maintenance section.

From here you can just upload the file and confirm the installation.

Configuring OPM (optional)

You can point OPM to send metrics to NAbox, but note that there is no dashboards provided for it, all the default dashboards only work with Harvest.

Last login: Mon Dec  8 15:52:16 2014

  OnCommand Performance Manager Maintenance Console

  Version    : 1.1.0RC1
  System ID  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  Status     : Running

 Main Menu
 ---------
    1 ) Upgrade (Disabled. Must be run on virtual machine console.)
    2 ) Network Configuration
    3 ) System Configuration
    4 ) Support/Diagnostics
    5 ) Unified Manager Connection
    6 ) External Data Provider

    x ) Exit

 Enter your choice: 6

The magic happens in menu 6 “External Data Provider”. This is where you setup the information for the external database :

External Server Connection Menu
-------------------------------
   1 ) Display Server Configuration
   2 ) Add / Modify Server Connection
   3 ) Modify Server Configuration
   4 ) Delete Server Connection

   b ) Back
   x ) Exit

Enter your choice: 2

 Current Connection Settings:
      Server Name or IP =
      Server Port       =

Do you wish to continue? (y/n):y

   External Server Name or IP    : 192.168.99.20
   External Server Port          : 2003

 Here are your settings:
      External Server Name or IP    :  192.168.99.20
      External Server Port          :  2003

 Are these settings correct? (y/n/q):y


Press any key to continue.

Last, you need to specify the level of detail you want exported. This is done through choice 3 and picking DRILL_DOWN if you want the maximum level of details :

External Server Connection Menu
-------------------------------
   1 ) Display Server Configuration
   2 ) Add / Modify Server Connection
   3 ) Modify Server Configuration
   4 ) Delete Server Connection

   b ) Back
   x ) Exit

Enter your choice: 3

 Current Connection Configuration:
      Statistics group  = RESOURCE_UTILIZATION
      Vendor tag        = netapp-performance
      Transmit interval = 5
      Enable/disable    = ENABLE

Do you wish to continue? (y/n):y

 Current statistics group: RESOURCE_UTILIZATION
      0 - PERFORMANCE_INDICATOR
      1 - RESOURCE_UTILIZATION
      2 - DRILL_DOWN
   Statistics group id   : 2
   Vendor tag            : netapp-performance
 Current transmit interval: 5
      5/10/15 minutes
   Transmit interval     : 5
 Current transmit status: ENABLE
      0 - DISABLE
      1 - ENABLE
   Enable/disable        : 1

 Here are your settings:
      Statistics group    :  DRILL_DOWN
      Vendor tag          :  netapp-performance
      Transmit interval   :  5
      Enable/disable      :  ENABLE

 Are these settings correct? (y/n/q):y

Connect to the following address to have a view on the metrics hierarchy in Graphite UI: https://<virtual_appliance>/graphite/

“netapp-performance” in Graphite

After 10mn or so, you should see the first metrics showing up in Graphite UI in a new folder called “netapp-performance”

Appendix A - Firewall Configuration

NAbox uses the following ports that needs to be open on your firewall.

Workstation designates the computer used to run the web browser to access NAbox components.

Source Destination Port Protocol Role
Workstation NAbox 443 TCP Web interface for admin/grafana/graphite
Workstation NAbox 22 TCP SSH for troubleshooting or maintenance
NetApp System NAbox 514 UDP Syslog for future use (optional)
NAbox NetApp systems 443 TCP HTTPS for data collection
NAbox NetApp systems 80 TCP HTTP for data collection (if needed)