
NetApp E-Series Automation with the SANtricity PowerShell Toolkit

I have a project coming up pretty soon that will require the deployment of multiple E-Series arrays whose configurations are likely going to be very similar if not identical, and I thought "I'm lazy, I don't want to do this manually, let's automate it"! I had seen that there were SANtricity (the operating system that runs on the E-Series arrays) cmdlets, about 300 of them in total, included with the NetApp PowerShell Toolkit, so I started digging in and taking a look. During my investigation, I didn't find a whole lot of end-to-end "how-to"s out there on the Internet, so I am creating my own to share with you!

Note: Prior to getting started, I am going to make the assumption that you have: 

- The NetApp PowerShell Toolkit downloaded and installed (I am using version 9.6)
- A Windows or Linux server to install the Web Services Proxy 
- An E-Series array. I have an E5600, which does not have the embedded Web Services Proxy like the newer arrays (E2700, E2800, EF280, etc.) do. If you have one of those new-fangled models, you can skip directly to step 3.

1. Start by opening up your PowerShell window and importing the SANtricity module:

Import-Module NetApp.SANtricity.PowerShell
Get-Help *-Ne* | Where-Object { $_.ModuleName -eq "NetApp.SANtricity.PowerShell" }

Side note: Get-Help is your best friend when you're exploring a new PowerShell module - it'll tell you everything you need to know about syntax, accepted parameters - and even give you examples!

2. Download and install the Web Services Proxy

The Web Services Proxy acts as the middle layer between your client (in this case, PowerShell) and the array by taking your PS commands and translating them to API calls, which are sent to the array by the Web Services Proxy.

Hit the link below to download the Proxy from NetApp's support site (as of this writing, 3.2 is the latest version):

Web Services Proxy 3.2

Choose the installer that fits your operating system type, accept the license agreement, and the download will start. Once finished, you can run the installer to install it on your server of choice. It's a very straight-forward installation process, but there is full documentation available at as well.

3. Create credential object with PowerShell

Back in your PowerShell window, create a new credential object with the "New-NeCredential" cmdlet, using the appropriate Web Services Proxy credentials:

$NeCredential = New-NeCredential -ProxyUrl "https://<server>:8443/devmgr" -SystemCredential (Get-Credential)

It is important to note that the default administrative user name and password for the Web Services Proxy are admin/admin, which is okay for my lab environment, but decidedly not okay for production deployments. The Web Services Proxy supports role-based access control with local authentication (stored as salted SHA256 hashes in a configuration file), HTTP Basic Auth, or LDAP. See page 8 of the Web Services Proxy User Guide for detailed information on how to set up these various authentication methods.

4. Add Storage System to PowerShell session

Once you have a proper credential object stored in the $NeCredential variable, you can create the "NeStorageSystem" object that you'll be interacting with.

New-NeStorageSystem -Credential $NeCredential -Id 1 -ControllerAddresses <mgmt_interface>

If the command completes without error, you can validate that you are connected successfully by running the "Get-NeStorageSystem" command. You'll see output like this (I trimmed it a bit for length):

Id                               : 1
Name                             : lab-e5600-01
Wwn                              : 60080E500043CEC11000000057B367CE
PasswordStatus                   : valid
PasswordSet                      : False
Status                           : optimal
CertificateStatus                : unknown
Ip1                              :
Ip2                              :
ManagementPaths                  : {,}
Controllers                      : {class DiscoveredController {
                                     ControllerId: 070000000000000000000001
                                     IpAddresses: System.Collections.Generic.List`1[System.String]
                                     CertificateStatus: unknown
                                   , class DiscoveredController {
                                     ControllerId: 070000000000000000000002
                                     IpAddresses: System.Collections.Generic.List`1[System.String]
                                     CertificateStatus: unknown

If you see output like this, you are successfully running commands against your array and ready to run any of the 300 cmdlets that are in the Toolkit. For many of them, you'll just need to reference the SystemId (set to "1" in this example).
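Steps 3 and 4 leave two things worth checking before a script like this is reused across several arrays: whether the proxy login is still the default pair, and what the returned system object reports for its password and certificate fields. The following is an added example, not code from the original post or from the Toolkit; the function names Test-NeSystemBaseline and Test-NeDefaultProxyLogin and the baseline rules are hypothetical, and the sample object is constructed from the output shown above.

```powershell
# Added example: baseline check over Get-NeStorageSystem-style objects.
# Property names come from the output above; the baseline rules are assumptions.
function Test-NeSystemBaseline {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$System)
    process {
        $findings = @()
        if ($System.Status -ne 'optimal') {
            $findings += "Status is '$($System.Status)', expected 'optimal'"
        }
        # Compare as text so a Boolean $false and the string 'False' both match.
        if ("$($System.PasswordSet)" -ne 'True') {
            $findings += 'PasswordSet is not True'
        }
        if ("$($System.CertificateStatus)" -eq 'unknown') {
            $findings += "CertificateStatus is 'unknown'"
        }
        [pscustomobject]@{
            Id        = $System.Id
            Name      = $System.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings
        }
    }
}

# True when the credential is the proxy's default admin/admin pair.
function Test-NeDefaultProxyLogin {
    param([Parameter(Mandatory)][pscredential]$Credential)
    $net = $Credential.GetNetworkCredential()
    return ($net.UserName -eq 'admin' -and $net.Password -eq 'admin')
}

# Constructed sample mirroring the trimmed output above, so this runs offline.
$sample = [pscustomobject]@{
    Id = '1'; Name = 'lab-e5600-01'; Status = 'optimal'
    PasswordSet = $false; CertificateStatus = 'unknown'
}
$sample | Test-NeSystemBaseline | Format-List

# Constructed credential holding the default pair, used only to exercise the check.
$pw   = ConvertTo-SecureString 'admin' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ('admin', $pw)
if (Test-NeDefaultProxyLogin -Credential $cred) {
    Write-Warning 'Web Services Proxy login is still the default admin/admin.'
}
```

Against a live session, pipe the real objects in with `Get-NeStorageSystem | Test-NeSystemBaseline`; the sample above reports two findings (PasswordSet and CertificateStatus) and Compliant as False.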

I'm planning on writing another couple of short posts soon to share some Pester tests to validate E-Series health and configuration (a follow-up on my ONTAP Pester tests that I worked on last month - check that post out if you missed it) as well as a post to talk about end-to-end automated E-Series deployment with PowerShell. Thanks for reading!
