There are multiple ways to do authentication to NetApp systems when using the PowerShell Toolkit. This ranges from the simple and obvious one-time connection, to securely storing credentials for future use. Saving credentials can be useful when executing scripts from a host non-interactively, such as with scheduled tasks or triggered through another script.
Connecting to a Single Controller
Connect-NcController is the standard method of connecting to a clustered Data ONTAP controller.
Connect-NaController is the 7-mode equivalent and works identically. Additionally, the same credential rules apply for the
Invoke-NaSsh cmdlets as well.
Arguably the most common method of connecting to a controller is by simply providing the hostname:
# this will attempt to connect to the specified controller using stored credentials, or if none
# are found, will prompt for credentials. it will also default to HTTPS, with a fallback to HTTP
If you are connecting to an SVM’s management interface this will work as expected, though some cmdlets won’t work because of the limited scope. If you want to connect to an SVM by tunneling through the cluster management interface, use the
Connect-NcController $clusterMgmtLif -Vserver $SvmName
However, there are a number of parameters which change the default behavior.
# force prompt for credentials
Connect-NcController $myController -Credential (Get-Credential)
# use HTTPS or fail to connect
Connect-NcController $myController -HTTPS
# use HTTP or fail
Connect-NcController $myController -HTTP
Connecting to Multiple Controllers
After connecting to a cluster using the
Connect-NcController cmdlet, the connection is stored in the variable
$global:CurrentNcController and is the default used for all connections. However, we can modify this behavior in several useful ways if desired.
- Don’t save the connection to
This is useful when you will be connecting to multiple clusters/SVMs and want to specify which one to execute each command against.PowerShell12345678910# connect to the first cluster/SVM$favoriteSvm = Connect-NcController $clusterMgmtIP -Vserver Favorite -Credential $credential -Transient# connect to the second cluster/SVM$hatedSvm = Connect-NcController $clusterMgmtIP -Vserver Hated -Credential $credential -Transient# execute cmdlets against one or the otherGet-NcVol -Controller $favoriteSvm | Set-NcVolSize -NewSize +20% -Controller $favoriteSvmGet-NcVol -Controller $hatedSvm | Set-NcVol -Offline -Controller $hatedSvm | Remove-NcVol -Confirm:$false -Controller $hatedSvm
- Multiple values in
Sometimes it’s helpful to connect to multiple clusters or SVMs simultaneously. This will cause each cmdlet to be executed against all values in the
$global:CurrentNcControllerarray in succession.PowerShell123456789101112# connect to the first cluster/SVMConnect-NcController $clusterMgmtIP -Vserver Favorite -Credential $credential# connect to the second (or more) cluster/SVMConnect-NcController $clusterMgmtIP -Vserver SecondFavorite -Credential $credential -Add# execute tasks against both clusters/SVMsGet-NcVol# execute a task against one or the otherGet-NcVol -Controller $global:CurrentNcControllerGet-NcSnapshot -Controller $global:CurrentNcController
By default the
Connect-NcController cmdlet will check for stored credentials and, if none are found, fallback to prompting for them. We can work around this a few different ways.
- Use a variable in your script
PowerShell1234567891011## store the credential in a variable for re-use#$credential = Get-CredentialConnect-NcController $myFavoriteController -Credential $credential# do something using this controllerConnect-NcController $myHatedController -Credential $credential# the first controller will automatically be disconnected. now do something# with the second controller.
- Using the
PowerShell12345678910111213## store the credential using the PowerShell Toolkit#Add-NcCredential -Controller $myController -Credential (Get-Credential)# at this point, $myController can be connected to now and in the future, by the current system# user, without having to provide credentials again. they are stored securely on the system,# and, by default, are only accessible to the user who executed the Add-NcCredential cmdlet.# to make the stored credentials available to anyone on the system, use the -SystemScope# parameter. note that any user on the system would be able to connect to the system with the# stored credential, so be careful when using this parameter.Add-NcCredential -Controller $myController -SystemScope -Credential (Get-Credential)
- Using the
PowerShell12345678## store the creds in a secure manner, then retrieve them. note that only the user# who created the credential object will be able to read it#$credential | Export-Clixml ./credential.xml# retrieve them for useConnect-NcController $controller -Credential (Import-Clixml ./credential.xml)
- Using Plain Text
PowerShell1234567891011## note that this is by far the least secure method#$username = 'admin'$password = 'P@s$w0rd'$ssPassword = ConvertTo-SecureString -String $password -AsPlainText -Force$credential = New-Object System.Management.Automation.PSCredential $username,$ssPasswordConnect-NcController $myController -Credential $credential