NetApp PowerShell Toolkit: Authentication

There are multiple ways to do authentication to NetApp systems when using the PowerShell Toolkit. This ranges from the simple and obvious one-time connection, to securely storing credentials for future use. Saving credentials can be useful when executing scripts from a host non-interactively, such as with scheduled tasks or triggered through another script.

Connecting to a Single Controller

The Connect-NcController is the standard method of connecting to a clustered Data ONTAP controller. Connect-NaController is the 7-mode equivalent and works identically. Additionally, the same credential rules apply for the Invoke-NcSsh and Invoke-NaSsh cmdlets as well.

Arguably the most common method of connecting to a controller is by simply providing the hostname:

If you are connecting to an SVM’s management interface this will work as expected, though some cmdlets won’t work because of the limited scope. If you want to connect to an SVM by tunneling through the cluster management interface, use the -Vserver parameter.

However, there are a number of parameters which change the default behavior.

Connecting to Multiple Controllers

After connecting to a cluster using the Connect-NcController cmdlet, the connection is stored in the variable $global:CurrentNcController and is the default used for all connections. However, we can modify this behavior in several useful ways if desired.

  • Don’t save the connection to $global:CurrentNcController

    This is useful when you will be connecting to multiple clusters/SVMs and want to specify which one to execute each command against.

  • Multiple values in $global:CurrentNcController

    Sometimes it’s helpful to connect to multiple clusters or SVMs simultaneously. This will cause each cmdlet to be executed against all values in the $global:CurrentNcController array in succession.

Providing Credentials

By default the Connect-NcController cmdlet will check for stored credentials and, if none are found, fallback to prompting for them. We can work around this a few different ways.

  • Use a variable in your script
  • Using the Add-NcCredential cmdlet
  • Using the Export-Clixml cmdlet

  • Using Plain Text

Leave a Reply