Skip to main content

NetApp E-Series Automation with the SANtricity PowerShell Toolkit

I have a project coming up pretty soon that will require the deployment of multiple E-Series arrays whose configurations are likely going to be very similar if not identical, and I thought "I'm lazy, I don't want to do this manually, let's automate it"! I had seen that there were SANtricity (the operating system that runs on the E-Series arrays) cmdlets, about 300 of them in total, included with the NetApp PowerShell Toolkit, so I started digging in and taking a look. During my investigation, I didn't find a whole lot of end-to-end "how-to"s out there on the Internet, so I am creating my own to share with you!

Note: Prior to getting started, I am going to make the assumption that you have: 

- The NetApp PowerShell Toolkit downloaded and installed (I am using version 9.6)
- A Windows or Linux server to install the Web Services Proxy 
- An E-Series array. I have an E5600, which does not have the embedded Web Services Proxy like the newer arrays (E2700,E2800,EF280, etc.) do. If you have one of those new-fangled models, you can skip directly to step 3. 

1. Start by opening up your PowerShell window and importing the SANtricity module:

(get-help *-ne* | Where-Object 
{$_.ModuleName -eq "NetApp.SANtricity.PowerShell"})

Side note: Get-Help is your best friend when you're exploring a new PowerShell module - it'll tell you everything you need to know about syntax, accepted parameters - and even give you examples!

2. Download and install the Web Services Proxy

The Web Services Proxy acts as the middle layer between your client (in this case, PowerShell) and the array by taking your PS commands and translating them to API calls, which are sent to the array by the Web Services Proxy.

Hit the link below to download the Proxy from NetApp's support site (as of this writing, 3.2 is the latest version):

Web Services Proxy 3.2

Choose the installer that fits your operating system type, accept the license agreement, and the download will start. Once finished, you can run the installer to install it on your server of choice. It's a very straight-forward installation process, but there is full documentation available at as well.

3. Create credential object with PowerShell

Back in your PowerShell window, create a new credential object with the "New-NeCredential" cmdlet, using the appropriate Web Services Proxy credentials:

$NeCredential = New-NeCredential 
-ProxyUrl https://<server>:8443/devmgr 
-SystemCredential (Get-Credential)
It is important to note that the default administrative user name and password for the Web Services Proxy is admin/admin, which is okay for my lab environment, but decidedly not okay for production deployments. The Web Services Proxy supports role-based access control with local authentication (stored as salted SHA256 hashes in a configuration file), HTTP Basic Auth, or LDAP. See page 8 of the Web Services Proxy User Guide for detailed information on how to set up these various authentication methods.

4. Add Storage System to PowerShell session

Once you have a proper credential object stored in the $NeCredential variable, you can create the "NeStorageSystem" object that you'll be interacting with.

New-NeStorageSystem -Credential $NeCredential
-Id 1 -ControllerAddresses <mgmt_interface>
If the command completes without error, you can validate that you are connected successfully by running the "Get-NeStorageSystem" command. You'll see output like this (I trimmed it a bit for length):

Id                               : 1
Name                             : lab-e5600-01
Wwn                              : 60080E500043CEC11000000057B367CE
PasswordStatus                   : valid
PasswordSet                      : False
Status                           : optimal
CertificateStatus                : unknown
Ip1                              :
Ip2                              :
ManagementPaths                  : {,}
Controllers                      : {class DiscoveredController {
                                     ControllerId: 070000000000000000000001
                                     IpAddresses: System.Collections.Generic.List`1[System.String]
                                     CertificateStatus: unknown
                                   , class DiscoveredController {
                                     ControllerId: 070000000000000000000002
                                     IpAddresses: System.Collections.Generic.List`1[System.String]
                                     CertificateStatus: unknown

If you see output like this, you are successfully running commands against your array and ready to run any of the 300 cmdlets that are in the Toolkit. For many of them, you'll just need to reference the SystemId (set to "1" in this example).

I'm planning on writing another couple of short posts soon to share some Pester tests to validate E-Series health and configuration (a follow-up on my ONTAP Pester tests that I worked on last month - check that post out if you missed it) as well as a post to talk about end-to-end automated E-Series deployment with PowerShell. Thanks for reading!

Popular posts from this blog

Step up your HTTP security header game with NetScaler Rewrite Policies

There are a number of HTTP response headers that exist to increase web site security. If set properly, they can ensure that your site is less exposed to many common web vulnerabilities. By no means are these descriptions exhaustive, so I have included some references that can provide a more in-depth explanation at the bottom of each section. I'd also like to give a shout-out to the OWASP Secure Headers Project and Scott Helme of - thank you!

Note: Screenshots are from a NetScaler VPX 12.1 - if you are running a different version, the screenshots may look different, but the logic is the same. So that I have something to bind these policies to, I've also already created a load-balancing virtual server named lb_web_ssl and a Service Group for two TurnKey LAMP servers on the back-end.

The X-Frame-Options header is designed to guard against clickjacking (an attack where malicious content is hidden beneath a clickable button or element on a web si…

How To: Unjoin NetApp Nodes from a Cluster

Let me paint you a word picture:

You've upgraded to a shiny new AFF - it's all racked, stacked, cabled and ready to rock. You've moved your volumes onto the new storage and your workloads are performing beautifully (of course) and it's time to put your old NetApp gear out to pasture.

We're going to learn how to unjoin nodes from an existing cluster. But wait! There are several prerequisites that must be met before the actual cluster unjoin can be done.

Ensure that you have either moved volumes to your new aggregates or offlined and deleted any unused volumes.Offline and delete aggregates from old nodes.Re-home data LIFs or disable/delete if they are not in use.Disable and delete intercluster LIFs for the old nodes (and remove them from any Cluster Peering relationships)Remove the old node's ports from any Broadcast Domains or Failover Groups that they may be a member of.Move epsilon to one of the new nodes (let's assume nodes 3 and 4 are the new nodes, in th…

NetApp ONTAP 9.3 Simulator Deployment - Part 1

I am going to be doing a few of these simulator/lab posts in an effort to set up an environment that will pave the way for future guides and blog posts. Hopefully it'll also be a good resource for folks that want to set up their own labs to test out new features and software versions. Today I'm going to show the steps required to deploy Netapp's ONTAP Simulator 9.3 on vSphere 6.5.  I'll also be doing a follow-up article that will detail the process of clustering a second node with this first one.

Note: My lab has vCenter 6.5 deployed along with a Distributed vSwitch, so the steps will be specific to that deployment. I will also assume that you already have basic networking and storage for your virtual machines in place.

Step 1: Deploying the Simulator

1. Browse out to, click on "Sign In" in the upper right-hand corner and log in using your NetApp account credentials.

2. Click on the Downloads drop-down at the top of the screen and c…