Notes from the Field - Newer Versions of NetApp OnCommand Require TLS

Depending on when you installed your NetApp storage running ONTAP, certain connectivity parameters might prevent web based managent with newer version of OnCommand Manager.

There are several errors that could be displayed including "500 Connection refused."

The web based onCommand management suite worked fine, until TLS was required. Previously, only HTTPS was enabled on the NetApp.  TLS is a much more secure protocol and is the preferred method of connectivity.

TLS can be enabled via the command line with the following command:

options tls.enable on

The setting can be verified by running the options command.

The list will display the status of every option in the system.  The TLS.Enable option is the one of concern.

acp.domain                   43200
acp.enabled                  on
acp.netmask                  16580607
acp.port                     e0P
auditlog.enable              on         (value might be overwritten in takeover)
auditlog.max_file_size       10000000   (value might be overwritten in takeover)
auditlog.readonly_api.enable off        (value might be overwritten in takeover)
autologout.console.enable    on         (value might be overwritten in takeover)
autologout.console.timeout   60         (value might be overwritten in takeover)


timed.sched                  hourly     (same value in local+partner recommended)
timed.window                 0s         (same value in local+partner recommended)
tls.enable                   on         (same value required in local+partner)
trusted.hosts                *          (same value required in local+partner)
vfiler.vol_clone_zapi_allow  off
vol.copy.throttle            10         (value might be overwritten in takeover)
vol.move.cutover.cpu.busy.limit 100
vol.move.cutover.disk.busy.limit 100


Apply this command to all filers in a failover cluster.

The settings and commands were tested on DataOntap running in 7 mode.