Articles in this section

See more

NetApp StorageGRID | Scan Requirements

Avatar
Oz Gabriely
  • Updated

Preparation for Scanning StorageGRID

StorageGuard collects configuration data from NetApp StorageGRID systems by opening a secure HTTP connection to the system. StorageGuard collects data using read-only Grid Management API calls.

The following table lists the requirements for scanning StorageGRID systems:

# Description
1 Provide the network name or IP address of the StorageGRID Admin Node.
2 Provide a user account and password.
3

The user account should be assigned with an unlimited read-only role, enabling it to run GET API requests for the Grid Manager and Tenant Manager.

Examples of read-only APIs used:

  • api/v3/grid/ntp-servers (GET)
  • api/v3/grid/identity-source (GET)
  • api/v3/org/identity-source (GET)
  • api/v3/private/gateway-config (GET)
4 Verify IP connectivity through HTTP or HTTPS (443) is available between the StorageGuard server and the StorageGRID Admin Node.
 

 

Creating a User Account for Scanning StorageGRID

The following suggested method can be used to provision a user account with appropriate privileges.

 

For scanning the Grid Manager only:

  • Login to the Grid Manager.
  • Select Configuration > Access control > Admin users.
  • Select Create user and enter the user details.
  • The user requires access to the Grid Management API.
  • Select Continue.
  • Assign to an appropriate group that has the following settings:
    • Access mode: Read-only.
    • At least the following Management permissions: Root access, ILM, Metrics query, Tenant accounts, Other grid configuration, Storage appliance administrator, Maintenance, Manage alerts
    • Optional (recommended) Management permissions: Grid topology page configuration, Object metadata lookup, Acknowledge alarms (legacy)
  • Select Create user and select Finish.

 

For scanning both the Grid Manager and Tenant Manager:

  • On the StorageGRID's configured identity federation (IdP) source, create a designated scan user and assign it to a designated IdP group.
  • On the StorageGRID Grid Manager, add the user to group with read-only access mode and unlimited permissions.
    • Select Configuration > Access Control > Admin Groups.
    • Create or select the group that matches the designated IdP group.
    • Group settings:
      Access mode: Read-only
      At least the following Management permissions: Root access, ILM, Metrics query, Tenant accounts, Other grid configuration, Storage appliance administrator, Maintenance, Manage alerts
      Optional (recommended) Management permissions: Grid topology page configuration, Object metadata lookup, Acknowledge alarms (legacy)
  • On the StorageGRID Tenant Manager, add the user to group with read-only access mode and unlimited permissions.
    • Select ACCESS MANAGEMENT > Groups.
    • Create or select the group that matches the designated IdP group's unique name. For Active Directory, the unique name is the name associated with the sAMAccountName attribute. For OpenLDAP, the unique name is the name associated with the uid attribute.
    • Group settings:
      • Access mode: Read-only
      • Management permissions: Root access

Related articles

Comments

0 comments

Please sign in to leave a comment.