
Managing workloads and apps with NetApp Cloud Volumes Service

By Alim Karim, Product Manager, NetApp

NetApp and Google Cloud Platform (GCP) have partnered to offer Cloud Volumes Service, a fully managed, cloud-native data service that provides advanced data management capabilities and performance.

Whether you are looking to migrate existing enterprise and industry-specific apps to GCP, or to build new machine learning (ML) and Kubernetes-based apps that require persistent storage, you can accelerate the deployment time and create rapid clones in a matter of minutes.

NetApp Cloud Volumes Service for GCP

Cloud Volumes Service helps you manage your workloads and apps. Migrate your workloads to the cloud without sacrificing performance. Cloud Volumes Service removes obstacles so you can move more of your file-based apps to GCP, with support for Network File System version 3 (NFSv3) and Server Message Block (SMB). You don't have to re-architect your apps and you get persistent storage for your apps without complexity.

Key features:

  • Fully-managed service with NoOps, integrated with the Google Cloud Platform Console.
  • Migrate data between on-premises and GCP.
  • Provision volumes from 0 to 100 TB in seconds.
  • Multiprotocol support (NFS and SMB).
  • Protect data with automated, efficient snapshots.
  • Accelerate app development with rapid cloning.
  • Consume cloud services such as analytics, AI, and ML.

Cloud Volumes Service is integrated with the GCP Console and available through Cloud Marketplace. This solution enables you to quickly add multi-protocol workloads as well as build and deploy both Windows-based and UNIX-based apps. You can schedule snapshots of your Cloud Volumes Service and restore snapshots to help keep your data protected. You can also create clones and then migrate them to keep your datasets continuously in sync. Cloud Volumes Service enables you to stay productive across your file services–based workloads, such as analytics, DevOps, and database apps.

Service levels

With three service levels—standard, premium, and extreme—that you can change on demand, Cloud Volumes Service delivers the right performance fit for your workload that you can adjust as the nature of your app changes. The cloud volume scales with the amount of allocated capacity, so performance isn't limited as your dataset expands. You can also increase or decrease the allocated capacity on the fly without having to worry about adding or deleting underlying nodes.

Service level   Throughput per TB   Workload types
Standard        16 MB/s             General purpose, file shares, email, and web
Premium         64 MB/s             Databases and apps
Extreme         128 MB/s            High-performance apps

Use cases

Cloud Volumes Service supports and expedites the deployment of various cloud-based systems through rapid delivery of shared file systems and a rich set of storage management features. The primary use cases for using Cloud Volumes Service include file services, analytics, DevOps, and databases.

The following diagram illustrates the typical architecture of Cloud Volumes Service combined with GCP:

Architectural diagram of Cloud Volumes Service on GCP

File services

Cloud Volumes Service is a fault-tolerant, scalable platform for creating cloud-native NFS and SMB file systems. As a result of NetApp's long experience delivering enterprise, on-premises, network-attached storage solutions, Cloud Volumes Service comes with a complete range of supporting features:

  • Read-only and read-write client access control
  • Connections over both NFSv3 and NFSv4 (coming soon)
  • Active Directory (AD) integration for SMB file systems.

This range of features helps you migrate existing apps to GCP and provides you with a platform to develop and maintain a file storage solution in the cloud, saving you time and money by reducing spending on hardware, maintenance, power, cooling, and physical space.

Enterprise apps

You can easily rehost traditional apps that are currently deployed on-premises to Cloud Volumes Service. This includes enterprise apps that typically don't require refactoring but whose core functionality for unstructured data storage workflows you want to preserve.

By using Cloud Volumes Service, you can create NFS shares for Linux-based apps and SMB shares for Windows-based apps in seconds. These shares are fully managed. You can scale them up or down for capacity and performance without impacting your workflows or users.

You can preserve app service delivery lifecycles with quick snapshots and copies for development, testing, and staging environments. This capability further accelerates production releases and minimizes the lead time in a true no-ops fashion.

Stateful apps on Google Kubernetes Engine

Google Kubernetes Engine (GKE) enables app teams to containerize existing apps as well as to deploy new app clusters that are location independent.

Stateful app sets for use cases such as analytics, DevOps CI/CD pipelines, and databases often require data persistence. Cloud Volumes Service takes a cloud-native approach to providing persistent and performant endpoints.

For environments of large-scale composite apps, Cloud Volumes Service has the enterprise data management capabilities to help you overcome storage management challenges in provisioning, copying, and protecting the datasets.

Databases

Open source databases are often at the heart of online transaction processing, which can include banking, retail sales, and online purchases. Slow response times often send your customers looking elsewhere. Most of your customers won't wait for your app or web pages to load. High-performance storage is where Cloud Volumes Service can help. Whether you're accessing the primary database or a snapshot copy, you can expect excellent, consistent performance from Cloud Volumes Service.

Cloud Volumes Service supports different levels of performance for each file system. Because database administrators can allocate individual storage pools for hot or cold data, they have fine-grained control over the use of high-performance storage or more cost-effective, high-capacity storage. Cloud Volumes Service helps ensure that file systems are available and resilient against system failures, which simplifies the setup for reliable database services in the cloud.

Get started with Cloud Volumes Service

Cloud Volumes Service is a fully managed cloud file storage service that provides access to cloud volumes through the NFS or SMB protocols. In this article, you create either an NFS or an SMB volume to manage your cloud volume.

Objectives

  • Create an NFS or SMB volume.
  • Mount NFS exports to Compute Engine instances.
  • Map SMB shares from Compute Engine instances.

Costs

This tutorial uses the following billable components of Google Cloud Platform:

  • Compute Engine

You can use the pricing calculator to generate a cost estimate based on your projected usage. New GCP users might be eligible for a free trial.

Before you begin

The current release requires that you are qualified and whitelisted before you can access the service. To submit your information for qualification, register with NetApp. If you have already submitted this information or are working directly with a NetApp team member, you can skip this step.

You must enable the NetApp Cloud Volumes API to associate it with a current project and to enable billing.

  1. In the GCP Console, go to APIs & Services.

    GO TO APIS AND SERVICES

  2. To go to the API library, click Enable APIs and Services.

    Enable API and Services button

  3. In the Search field, type NetApp Cloud Volumes.

    Searching for NetApp Cloud Volumes Services in GCP

  4. Click NetApp Cloud Volumes API. If the page displays API enabled, then NetApp Cloud Volumes API is already enabled. Otherwise, click Enable.

    Enable API button

Workflow for managing cloud volumes

The following diagram illustrates the key tasks for managing cloud volumes that use NFS or SMB.

Workflow for managing cloud volumes

Creating and managing NFS volumes

After you create an NFS volume, you mount your NFS exports to Compute Engine instances.

Create an NFS volume

  1. In the GCP Console, go to the Volumes page.

    GO TO VOLUMES PAGE

  2. Click Create.

  3. The Create volume window defaults to NFS. Complete the following fields:

    1. In the Name field, enter a display name for the volume.
    2. The Volume path must be unique across all your cloud volumes. The system automatically generates a recommended volume path.
    3. For Service level, click the level of performance for the volume. It scales with capacity. For more information, see service levels.

    4. From the Region drop-down list, select a GCP region for your volume. For more information about region selection, see Best practices for Compute Engine region selection.

    5. In the Allocated capacity field, enter a size for the volume. The minimum size of a cloud volume is 1,000 GB (1 TB).

      Create NFS volume window

    6. In the Allowed clients field, enter the IP address or range of addresses that have access to the cloud volume. To select the type of access these IP addresses have to the cloud volume, select either Read & Write or Read Only.

      IP address range

  4. Click Save. The new volume appears in the Volumes list.

    Volumes list

Mount NFS exports to Compute Engine instances

  1. In the GCP Console, go to the Volumes page.

    GO TO VOLUMES PAGE

  2. Click the NFS volume for which you want to mount NFS exports.

  3. Scroll to the right, click More, and then click Mount Instructions.

    Create NFS volume

  4. Follow the instructions in the Mount Instructions for NFS window.

    NFS mount instructions

Creating and managing SMB volumes

Before you can create and manage SMB volumes, you must add an Active Directory (AD) connection. Currently, Cloud Volumes Service supports only one AD connection per GCP region.

Create an AD connection

  1. In the GCP Console, go to Cloud Volumes.

    GO TO CLOUD VOLUMES PAGE

  2. Click Active Directory connections, and then click Create.

  3. In the Create Active Directory Connection window, enter the following information, and then click Save.

    1. In the Username and Password fields, enter credentials associated with an account that has privileges to create a computer account in AD.
    2. In the Domain field, enter the name of the AD domain.
    3. In the DNS server field, enter the DNS server address of the AD domain.
    4. In the NetBIOS field, enter the NetBIOS name of the server.
    5. From the Region drop-down list, select a region associated with your AD credentials.

      Active Directory window

Create an SMB volume

  1. In the GCP Console, go to the Volumes page.

    GO TO VOLUMES PAGE

  2. Click Create.

  3. In the Create volume window, click SMB and complete the following fields:

    1. In the Name field, enter a display name for the volume.
    2. The Volume path must be unique across all your cloud volumes. The system automatically generates a recommended volume path.
    3. For Service level, click the level of performance for the volume. It scales with capacity.
    4. From the Region drop-down list, select a GCP region for your volume. For more information about region selection, see Best Practices for Compute Engine region selection.
    5. In the Allocated capacity field, enter a size for the volume. The minimum size of a cloud volume is 1,000 GB (1 TB).
    6. From the Active Directory connection drop-down list, select the AD connection that you created.

      Create SMB volume

      Select AD connection

Map SMB shares from Compute Engine instances

  1. In the GCP Console, go to the Volumes page.

    GO TO VOLUMES PAGE

  2. Click the SMB volume for which you want to map an SMB share.

  3. Scroll to the right, click More, and then click Mount Instructions.

    Mount SMB

  4. Follow the instructions in the Mount Instructions for SMB window that appears.

    Create SMB instructions

Deleting a cloud volume

Whether you create an NFS or SMB volume, you can delete a cloud volume that is no longer needed. Note that once a cloud volume is deleted, it cannot be restored. The deletion operation cannot be undone.

  1. In the GCP Console, go to the Volumes page.

    GO TO VOLUMES PAGE

  2. In the Volumes view, select the volume that you want to delete, and then click Delete.

  3. In the Delete Volume dialog, click Confirm to delete the volume.

Security considerations

You should familiarize yourself with a few security considerations for NFS and SMB access of Cloud Volumes Service.

NFS access

The NFS considerations in this section pertain only to NFSv3, which is currently the only supported version.

GCP has strict inbound firewall rules that are categorized as default and implied. Every VPC network has two implied firewall rules. Understanding the implied rules helps you manage access to the cloud volumes.

  • The implied allow egress rule: The rule's action is to allow, the destination IP range is 0.0.0.0/0, and the priority is the lowest possible (65535). It lets any instance send traffic to any destination. You can restrict outbound access with a firewall rule that has a higher priority. Internet access is permitted if no other firewall rules deny the outbound traffic and if the instance has an external IP address or uses a NAT instance. See Internet access requirements for more details.
  • The implied deny ingress rule: The rule's action is to deny, the source is 0.0.0.0/0, and the priority is the lowest possible (65535). It protects all instances by blocking incoming traffic to them. You can permit incoming access with a firewall rule that has a higher priority. Note that the default network includes some additional rules that override this rule to permit certain types of incoming traffic.

NFS uses various ports to communicate between the initiator and a target. To ensure proper communication and successful volume mount, you must enable these ports on the VPC firewalls. If you have a local firewall enabled, you must also enable these ports on the compute instance. The required ports are as follows:

  • 111 TCP/UDP portmapper
  • 2049 TCP/UDP nfsd
  • 635 TCP/UDP mountd
  • 4045 TCP/UDP nlockmgr
  • 4046 TCP/UDP status

SMB access

AD integration

In the Cloud Volumes Service implementation of SMB, workgroups aren't supported. Cloud Volumes Service has an inherent dependency on a directory service. The following directories are supported:

  • A "roll your own" AD that is a Windows Server 2008 R2 or later AD server in the tenant VPC.
  • A third-party AD as a service in GCP.

Communication between cloud volumes and AD

GCP has strict inbound firewall rules that are categorized as default and implied. Every VPC network has two implied firewall rules. Understanding the implied rules helps you manage access to the cloud volumes.

  • The implied allow egress rule: The rule's action is to allow, the destination IP range is 0.0.0.0/0, and the priority is the lowest possible (65535). It lets any instance send traffic to any destination. You can restrict outbound access with a firewall rule that has a higher priority. Internet access is permitted if no other firewall rules deny the outbound traffic and if the instance has an external IP address or uses a NAT instance. See Internet access requirements for more details.
  • The implied deny ingress rule: The rule's action is to deny, the source is 0.0.0.0/0, and the priority is the lowest possible (65535). It protects all instances by blocking incoming traffic to them. You can permit incoming access with a firewall rule that has a higher priority. Note that the default network includes some additional rules that override this rule to permit certain types of incoming traffic.

You must create a set of inbound rules to enable Cloud Volumes Service to initiate communication with the AD domain controllers. You must add these rules to the security groups that are attached to each AD instance to enable inbound communication from the storage subnet CIDR or the specific IP address. The required ports are as follows:

  • ICMPV4
  • DNS 53 TCP
  • DNS 53 UDP
  • LDAP 389 TCP
  • LDAP 389 UDP
  • LDAP (GC) 3268 TCP
  • NetBIOS Name 138 UDP
  • SAM/LSA 445 TCP
  • SAM/LSA 445 UDP
  • Secure LDAP 636 TCP
  • Secure LDAP 3269 TCP
  • W32Time 123 UDP
  • AD Web Svc 9389 TCP
  • Kerberos 464 TCP
  • Kerberos 464 UDP
  • Kerberos 88 TCP
  • Kerberos 88 UDP
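
The following check is an added example, not part of the original tutorial or of any NetApp or Google tooling. It evaluates an exported ingress rule set the way the implied-rule description above works (lowest priority number wins, implied deny ingress at 65535) and reports which ports from the AD list, or the NFS list earlier on this page, are still blocked from the storage subnet, and which matching rules are open to 0.0.0.0/0. The rule names, the 10.10.0.0/28 storage CIDR and the function names are assumptions; target tags and service accounts are ignored and only IPv4 ranges are handled.

```python
import ipaddress

# Required ports, copied from the two lists on this page.
NFS_PORTS = {(p, n) for n in (111, 2049, 635, 4045, 4046) for p in ("tcp", "udp")}
AD_PORTS = {("icmp", None), ("udp", 138), ("udp", 123), ("tcp", 3268), ("tcp", 636),
            ("tcp", 3269), ("tcp", 9389)} | {(p, n) for n in (53, 389, 445, 464, 88)
                                             for p in ("tcp", "udp")}
# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "ad-from-storage", "priority": 1000, "direction": "INGRESS",
     "sourceRanges": ["10.10.0.0/28"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["53", "88", "389", "445", "464",
                                                 "636", "3268-3269", "9389"]},
                 {"IPProtocol": "udp", "ports": ["53", "88", "123", "389", "464"]},
                 {"IPProtocol": "icmp"}]},
    {"name": "legacy-smb-any", "priority": 900, "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["445"]}]},
]

def _covers(entries, proto, port):
    """True if any allowed/denied entry covers (proto, port)."""
    for e in entries:
        if e["IPProtocol"] not in (proto, "all"):
            continue
        if not e.get("ports") or port is None:   # no port list: every port
            return True
        for spec in e["ports"]:                  # "445" or "3268-3269"
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def audit(rules, source_cidr, required):
    """Return (missing, overbroad) for ingress traffic from source_cidr."""
    src = ipaddress.ip_network(source_cidr)
    ingress = sorted((r for r in rules if r.get("direction", "INGRESS") == "INGRESS"),
                     key=lambda r: (r.get("priority", 1000), "denied" not in r))  # deny wins ties
    missing, overbroad = set(), set()
    for proto, port in required:
        allowed = False                          # implied deny ingress (65535)
        for r in ingress:
            ranges = r.get("sourceRanges", [])
            if not any(src.subnet_of(ipaddress.ip_network(c)) for c in ranges):
                continue
            if _covers(r.get("denied", []), proto, port):
                break
            if _covers(r.get("allowed", []), proto, port):
                allowed = True
                if "0.0.0.0/0" in ranges:
                    overbroad.add(r["name"])
                break
        if not allowed:
            missing.add((proto, port))
    return missing, overbroad
```

On the constructed sample, `audit(SAMPLE_RULES, "10.10.0.0/28", AD_PORTS)` reports UDP 138 and UDP 445 as still blocked and flags `legacy-smb-any` because it exposes TCP 445 to every source rather than only the storage subnet.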

Support and troubleshooting

If you encounter issues setting up or managing Cloud Volumes Service, you can create a case for support.

  1. In the GCP Console, hold the pointer over Support and then click Cases.

    GO TO THE CASES PAGE

    Cases menu

  2. In the Role-Based Support dialog, click Open Support Centre.

    Open Support Center button

  3. Click My Account and then next to the support package you want to use, click New Case.

  4. In the New Case section, complete the following fields:

    1. From the Issue Type drop-down list, select Networking.
    2. From the Component drop-down list, select NetApp Cloud Volumes.
    3. From the Subcomponent drop-down list, select the option that most closely describes your issue.
    4. Complete the other required fields such as Project ID, Subject, and Description of the problem.

Cleaning up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial:

Delete the project

  1. In the GCP Console, go to the Projects page.

    Go to the Projects page

  2. In the project list, select the project you want to delete and click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.

Delete Compute Engine instances

  1. In the GCP Console, go to the VM Instances page.

    Go to the VM Instances page

  2. Click the checkbox next to the instance you want to delete.
  3. Click Delete at the top of the page to delete the instance.

What's next

  • Try out other Google Cloud Platform features for yourself. Have a look at our tutorials.