Proud Member of the #NetAppATeam
I Blog at TMACsRack
You can create a LIF inside your SVM with the mgmt firewall policy.
It will still be able to provision storage from any aggregate though. I don't believe you can lock that down.
-----Original Message-----
From: toasters-bounces@teaparty.net <toasters-bounces@teaparty.net> On Behalf Of Philbert Rupkins
Sent: 04 May 2018 16:04
To: toasters@teaparty.net
Subject: Restrict VSC to a Subset of SVM's
Hello Toasters,
Our ontap clusters contain a number of SVM's. For purposes of this post I'll classify our SVM's into two broad categories:
* SVM's that host storage resources for our ESXi clusters
* SVM's that do NOT host storage resources for our ESXi clusters
We initially direct connected VSC to the SVM's hosting VMware resources. As documented by NetApp, this resulted in VSC provisioning volumes (NFS datastores) then mounting them via indirect paths (our SVMs have multiple lifs). We dont want datastores mounted via indirect paths, nor do we want to deal with the other limitations associated with direct connecting VSC to SVM's.
Now, AFAIK, the only option we're left with is connecting VSC to the cluster management LIF. The catch is we only want to allow VSC privileges to manage the SVM's hosting VMware resources. VSC should not have privileges to the non-Vmware related SVMs.
Is there a way to connect VSC to the cluster management LIF while only allowing VSC the ability to provision storage to and manage a subset of SVM's on the cluster?
We're currently running VSC 6.2.1 and ONTAP 9.2P2.
-Phil
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters