Identify supported Active Directory domain controller topologies

Last reviewed 2023-11-19 UTC

You must have a working layer 3 IP network that lets Cloud Volumes Service (CVS) communicate with Active Directory domain controllers. Microsoft recommends deploying at least two domain controllers for redundancy and availability. You can use a Windows Server virtual machine to support Active Directory, or you can purchase an Active Directory domain controller from the Google Cloud Marketplace.

The following sections illustrate various potential topologies. The diagrams show only the domain controller used by Cloud Volumes Service. Other domain controllers for the same domain are shown only where required.

Active Directory domain controller in same region as Cloud Volumes Service volumes

This diagram shows the simplest deployment mode: a single domain controller in the same region as the Cloud Volumes Service volumes. This topology works for CVS and CVS-Performance service types.

[Diagram: Active Directory domain controller in same region as Cloud Volumes Service volumes]

Active Directory domain controller in different region from Cloud Volumes Service volumes

Placing the domain controller in a different region from the Cloud Volumes Service volumes can affect end user authentication and CVS file access performance. Placing domain controllers in a different region is supported for both service types. For the CVS service type, enabling Global Access to Active Directory for the storage pool is required.

[Diagram: Active Directory domain controller in different region from Cloud Volumes Service volumes]

Active Directory domain controllers in multiple regions using Active Directory sites

If you are using Cloud Volumes Service volumes in multiple regions, NetApp recommends that you place at least one domain controller in each region.

For the CVS service type, you must either manage domain controller selection using Active Directory sites or enable Global Access to Active Directory for storage pools. If you enable Global Access to Active Directory, using Active Directory sites is optional but recommended.

For the CVS-Performance service type, using Active Directory sites is optional but recommended.

[Diagram: Active Directory domain controller in multiple regions using Active Directory sites]

Active Directory domain controller in an on-premises network

Placing the domain controller in a different region from the Cloud Volumes Service volumes can affect end user authentication and CVS file access performance. Using on-premises domain controllers is supported for both service types. For the CVS service type, enabling Global Access to Active Directory for the storage pool is required.

[Diagram: Active Directory domain controller in an on-premises network]

Active Directory domain controller in a different VPC network

Google Cloud Virtual Private Cloud (VPC) network peering doesn't allow transitive routing, so placing the domain controller in a different VPC network doesn't work. Consider attaching Cloud Volumes Service to a Shared VPC network that also hosts the Active Directory domain controllers. If you attach Cloud Volumes Service to a Shared VPC network, then this scenario becomes architecturally one of the scenarios in the previous sections.

[Diagram: Active Directory domain controller in a different VPC network]
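The Global Access and Active Directory site rules from the sections above can be checked against a planned inventory before deployment. The following Python audit is an added example, not code from Google Cloud or NetApp; the `DomainController` and `StoragePool` records, the finding codes, and the sample inventory are constructed for illustration, and an on-premises domain controller is modelled as a region named `on-prem`.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DomainController:
    name: str
    region: str   # Google Cloud region, or "on-prem" (modelling assumption)
    site: str     # Active Directory site the DC is assigned to

@dataclass(frozen=True)
class StoragePool:
    name: str
    region: str
    service_type: str          # "CVS" or "CVS-Performance"
    ad_site: Optional[str]     # site used for DC selection; None = not managed
    global_access: bool        # Global Access to Active Directory enabled

def audit_pool(pool, dcs):
    """Return (code, detail) findings for one pool, per the rules on this page."""
    # With a site set, only that site's DCs are candidates; otherwise any DC is.
    candidates = [d for d in dcs if pool.ad_site in (None, d.site)]
    if not candidates:
        return [("NO_DC_IN_SITE", f"site {pool.ad_site} has no domain controller")]
    remote = [d.name for d in candidates if d.region != pool.region]
    findings = []
    # CVS service type: a DC outside the pool's region requires Global Access.
    if remote and pool.service_type == "CVS" and not pool.global_access:
        findings.append(("GLOBAL_ACCESS_REQUIRED", ", ".join(remote)))
    # Supported for both service types, but authentication and file access may be slower.
    if len(remote) == len(candidates):
        findings.append(("CROSS_REGION_ONLY", ", ".join(remote)))
    return findings

def audit(pools, dcs):
    return {p.name: audit_pool(p, dcs) for p in pools}

# Constructed sample inventory (not from the original page).
DCS = [
    DomainController("dc-us", "us-east4", "US-East"),
    DomainController("dc-eu", "europe-west4", "EU-West"),
    DomainController("dc-hq", "on-prem", "HQ"),
]
POOLS = [
    StoragePool("pool-a", "us-east4", "CVS", "US-East", False),
    StoragePool("pool-b", "europe-west4", "CVS", None, False),
    StoragePool("pool-c", "us-east4", "CVS-Performance", "HQ", False),
    StoragePool("pool-d", "us-east4", "CVS", "HQ", True),
]

if __name__ == "__main__":
    for name, findings in audit(POOLS, DCS).items():
        print(name, findings or "ok")
```

The audit does not model the different-VPC case, which the page resolves by attaching Cloud Volumes Service to a Shared VPC network.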