NetApp Harvest requires login credentials to access monitored hosts. Although, a generic admin account can be used, it is best practice to create a dedicated monitoring account with the least privilege access.

ONTAP 7-mode supports only username / password based authentication with NetApp Harvest. Harvest communicates with monitored systems exclusively via HTTPS, which is not enabled by default in Data ONTAP 7-mode. Login as a user with full administrative privileges and execute the following steps.

Enabling HTTPS and TLS (ONTAP 7-mode only)

Verify SSL is configured

secureadmin status ssl

If ssl is ‘active’ continue. If not, setup SSL and be sure to choose a Key length (bits) of 2048:

secureadmin setup ssl

SSL Setup has already been done before. Do you want to proceed? [no] yes
Country Name (2 letter code) [US]: NL
State or Province Name (full name) [California]: Noord-Holland
Locality Name (city, town, etc.) [Santa Clara]: Schiphol
Organization Name (company) [Your Company]: NetApp
Organization Unit Name (division): SalesEngineering
Common Name (fully qualified domain name) [sdt-7dot1a.nltestlab.hq.netapp.com]:
Administrator email: noreply@netapp.com
Days until expires [5475] :5475 Key length (bits) [512] :2048

Enable management via SSL and enable TLS

options httpd.admin.ssl.enable on
options tls.enable on  

Creating ONTAP user

Create the role with required capabilities

role add netapp-harvest-role -c "Role for performance monitoring by NetApp Harvest" -a login-http-admin,api-system-get-version,api-system-get-info,api-perf-object-*,api-emsautosupport-log 

Create a group for this role

useradmin group add netapp-harvest-group -c "Group for performance monitoring by NetApp Harvest" -r netapp-harvest-role 

Create a user for the role and enter the password when prompted

useradmin user add netapp-harvest -c "User account for performance monitoring by NetApp Harvest" -n "NetApp Harvest" -g netapp-harvest-group

The user is now created and can be configured for use by NetApp Harvest.