Just make sure the LIF(IP) you are ssh'ing are set to : (Never created SVM in Azure, but in general this is a check list)
role = data data-protocol = none firewall-policy = mgmt vsadmin is un-unlocked and password is correct (simply reset it if you are unsure), I think bydefault ssh as application is allowed for vsadmin but you can always verify.
::> security login show -user-or-group-name vsadmin -vserver <vserver>
::> network interface show -vserver <vserver> -fields role,data-protocol,firewall-policy,address -address <IP_Address>
1) If it's connection refused (22 is allowed on firewall): May be there is something that is blocking, try 'wirehsark' 2) Could you share the output of: ::> network interface show -vserver <vserver> -fields role,data-protocol,firewall-policy,address -address 3) Try to create a separate SVM Mgmt LIF on e0M (role=data,data-protocol=none) and see if it works.
"Note that Cloud Manager creates an SVM management LIF on HA pairs, but not on single node systems in Azure.".
For all the below steps vsadmin has been unlocked and correct credentials are used.
Now we created a Local CVO instance in Azure. We checked the SVM management LIF role = data,data-protocol = none, firewall-policy = mgmt.
With this configuration, we are able to connect to the SVM. Ping works.
In the customer CVO environment, role = data, data-protocol = Cifs,NFs,Fcache, firewall-policy = mgmt. is set.
With this configuration we were unable to SSH to the SVM Lif. Ping works.
Now what we want to do?
Want to create a management only Lif for the SVM in the customer environment with these options LIF role = data,data-protocol = none, firewall-policy = mgmt.
We were unable to create the management only Lif. Neither in the current management Lif, we are able to disable the protocol from Cifs,NFS, fcache to none.
How do I create a new management only Lif for SVM in CVO? How do I get a free IP address for assigning to the Lif?
If you want to suggest to network interface modify, please check in CVO if this option is enabled. We could not find it.
There were other data lifs which were automatically created in the Local CVO instance. By default the Lif settings are role = data, data-protocol = Cifs,NFs,Fcache, firewall-policy = none. We enabled mgmt role in the Lif also. Tried SSH to this Lif. It is not working. Another suggestion to correctly have the same failover-group set for this Lif as in the SVM management Lif. That was also done, however still same problem.
Coming back to hardware FAS box, we created a SVM Lif, with protocol = Cifs,NFs,Fcache, both data and mgmt is enabled for the Lif. We are able to the SVM through this Lif. Conclusion, FAS and CVO Azure SVM Lifs behavior are different.
How do I create a new management only Lif for the Customers SVM in CVO?
Or, in the Customers SVM in CVO, we want to modify the protocol in Mgmt Lif from CIfs, NFs, Fcache to None. How can we do that?
Thanks Abhi for the detailed analysis and for sharing this information. I see your point, CVO is a different ball game, I was just suggesting based on standard (FAS/AFF) Ontap environment.
Interesting point here is : When you spun-up local CVO with only Mgmt LIF it works. However, customer environment is already set with data protocols, and it appears (correct me here), it's not allowing both data+management via SVM. I will have to do some reading on the CVO stuff, I am new to this one but it's definitely worth knowing.
Let's see if there are other avenues of support ? How about support ticket or if you have access to Engineering?
I think this is what happened with the customer's CVO.
They deleted the default SVM Lif which is created automatically when a CVO HA is created.
After that they manually created a management Lif with protocol etc. enabled. With this Lif , we are getting the connection error.
So in summary we have to use the default SVM Lif which is created when CVO HA is created. With this Lif we were able to connect to SVM. Otherwise you cannot create a managament Lif and connect to the SVM is our conclusion. Have to check now in the actual environment to see if this is the case.