Creating a Dedicated AD Authentication SVM

There is value in having a simple SVM dedicated purely to ONTAP cluster administrative/management authentication (as per this article). Here are the steps to create one.

1) Create the vserver and remove protocols (security hardening).

vserver create
-vserver adAuthSVM
-rootvolume adAuthSVM_root
-aggregate cluster1_01_SSD_1
-rootvolume-security-style ntfs
-language C.UTF-8
-snapshot-policy none
-comment "Domain Tunnel Management Authentication SVM"

vserver create -vserver adAuthSVM -rootvolume adAuthSVM_root -aggregate cluster1_01_SSD_1 -rootvolume-security-style ntfs -language C.UTF-8 -snapshot-policy none -comment "Domain Tunnel Management Authentication SVM"

vserver remove-protocols -vserver adAuthSVM -protocols nfs,cifs,fcp,iscsi,ndmp,nvme,s3


2) Configure networking.

route create -vserver adAuthSVM -destination 0.0.0.0/0 -gateway 192.168.0.1 -metric 20

network interface create
-vserver adAuthSVM
-lif adAuth_lif
-data-protocol none
-address 192.168.0.136
-netmask 255.255.255.0
-home-node cluster1-01
-home-port e0e

network interface create -vserver adAuthSVM -lif adAuth_lif -data-protocol none -address 192.168.0.136 -netmask 255.255.255.0 -home-node cluster1-01 -home-port e0e

dns create -vserver adAuthSVM -domains demo.company.com -name-servers 192.168.0.253


3) Active Directory and Domain Tunnel Setup.

active-directory create -vserver adAuthSVM -domain demo.company.com -account-name adAuthSVM

domain-tunnel create -vserver adAuthSVM


4) Create a test domain user.

security login create -user-or-group-name demo\atestuser -vserver cluster1 -authentication-method domain -role admin -application http

5) And test!


It works! 😊
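One way to run that test from a workstation, as an added example that is not from the original post: the user was created with -application http, so a REST call with the DOMAIN\user credentials exercises the whole chain (DNS, AD computer account, domain tunnel, login entry). Assumed: a cluster management address (cluster1.demo.company.com is hypothetical), the test user's password, and that the cluster's HTTPS certificate is trusted or its CA bundle is supplied.

```python
"""Check the domain-tunnel login over the ONTAP REST API (added example)."""
import base64
import json
import ssl
import urllib.error
import urllib.request
from typing import Optional, Tuple


def basic_auth_header(domain: str, user: str, password: str) -> str:
    """Build the Basic header using the DOMAIN\\user form ONTAP expects."""
    token = base64.b64encode(f"{domain}\\{user}:{password}".encode()).decode()
    return f"Basic {token}"


def interpret_status(status: int) -> str:
    """Map the HTTP result onto the part of the setup most likely at fault."""
    if status == 200:
        return "ok: domain user authenticated through the tunnel"
    if status == 401:
        return "auth failed: check domain-tunnel, DNS, the AD account, or the password"
    if status == 403:
        return "authenticated but not authorised: check the security login role/application"
    return f"unexpected HTTP {status}"


def check_domain_login(cluster_mgmt: str, domain: str, user: str, password: str,
                       cafile: Optional[str] = None) -> Tuple[int, str]:
    """GET /api/cluster as the domain user; returns (http_status, verdict)."""
    req = urllib.request.Request(
        f"https://{cluster_mgmt}/api/cluster",
        headers={"Authorization": basic_auth_header(domain, user, password),
                 "Accept": "application/json"})
    ctx = ssl.create_default_context(cafile=cafile)  # keep TLS verification on
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
            status = resp.status
            json.load(resp)  # a 200 should carry the JSON cluster document
    except urllib.error.HTTPError as err:
        status = err.code
    return status, interpret_status(status)


if __name__ == "__main__":
    # Hypothetical address and placeholder password: replace with real values.
    code, verdict = check_domain_login("cluster1.demo.company.com",
                                       "demo", "atestuser", "<password>")
    print(code, verdict)
```

The test account on the page carries the admin role; once the tunnel is confirmed, replace it with the real administrator groups at the least role they need.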

Note: Entries are highlighted to aid with coming up with naming conventions (before creating our AD Authentication SVM, the cluster and aggregates are already created).
