NetApp ONTAP MCP Server

An intelligent Model Context Protocol (MCP) server for NetApp ONTAP with EMS log access, storage monitoring, and performance metrics.

Features

📋 EMS Log Access

• Search EMS events - Filter by severity, message content, and time

• Recent events - Quick access to latest alerts and warnings

• Structured output - JSON-formatted log entries with timestamps and metadata

💾 Storage Monitoring

• Volume management - List all volumes with size, state, and SVM

• Performance metrics - IOPS, latency, and throughput per volume

• Storage efficiency - Deduplication and compression savings analysis

• Cluster health - Node status, version, and overall cluster information

🚀 Built for Performance

• Metadata caching - 30-minute cache for cluster info and volume lists

• Result limiting - Configurable max records to prevent excessive data transfer

• Request timeouts - Configurable timeouts for slow ONTAP responses

• Bearer token auth - Secure HTTP/SSE access with API key authentication

Prerequisites

• Node.js: Version 18 or higher

• NetApp ONTAP: Version 9.6+ (for full REST API support)

• Admin credentials: Username and password with API access

Installation

1. Clone this repository:

   cd /opt
   sudo git clone <repository-url> ontap-mcp-server
   cd ontap-mcp-server

2. Install dependencies:

   sudo npm install

3. Build the project:

   sudo npm run build

Configuration

Environment Variables

Create /etc/ontap-mcp-server.env:

# NetApp ONTAP Configuration
ONTAP_URL=https://10.54.52.xx
ONTAP_USERNAME=admin
ONTAP_PASSWORD=your-password-here
ONTAP_INSECURE=false

# HTTP Server Configuration
HTTP_HOST=0.0.0.0
HTTP_PORT=3001

# MCP Authentication (generate with: openssl rand -hex 32)
MCP_API_KEY=your-secure-api-key-here

# Optional: Query Configuration
MAX_LOG_ENTRIES=1000
CACHE_TTL_MINUTES=30
REQUEST_TIMEOUT_MS=60000

SSL Certificate Handling

• Production: Use ONTAP_INSECURE=false (default) for proper SSL verification

• Testing/Lab: Use ONTAP_INSECURE=true to ignore self-signed certificate errors

⚠️ Warning: Never use ONTAP_INSECURE=true in production!

Deployment

Ubuntu Server (systemd service)

1. Create the environment file:

   sudo nano /etc/ontap-mcp-server.env
   # Add your configuration (see above)

2. Create systemd service file:

   sudo nano /etc/systemd/system/ontap-mcp-server.service

   [Unit]
   Description=NetApp ONTAP MCP Server
   After=network.target
   
   [Service]
   Type=simple
   User=root
   WorkingDirectory=/opt/ontap-mcp-server
   EnvironmentFile=/etc/ontap-mcp-server.env
   ExecStart=/usr/bin/node /opt/ontap-mcp-server/dist/http-server.js
   Restart=always
   RestartSec=10
   StandardOutput=journal
   StandardError=journal
   
   [Install]
   WantedBy=multi-user.target

3. Enable and start the service:

   sudo systemctl daemon-reload
   sudo systemctl enable ontap-mcp-server
   sudo systemctl start ontap-mcp-server
   sudo systemctl status ontap-mcp-server

4. Check logs:

   sudo journalctl -u ontap-mcp-server -f

Claude Desktop Integration

HTTP/SSE Mode (Remote Access)

Client Configuration:

Edit C:\Users\<username>\AppData\Roaming\Claude\claude_desktop_config.json:

{
  "mcpServers": {
    "ontap-remote": {
      "command": "C:\\Apps-SU\\Node\\npx",
      "args": [
        "-y",
        "mcp-remote",
        "http://10.54.52.16:3001/sse",
        "--allow-http",
        "--header",
        "Authorization: Bearer your-mcp-api-key-here"
      ]
    }
  }
}

Security Notes:

• The MCP_API_KEY environment variable is required for HTTP mode

• All requests to /sse and /message/:sessionId require valid Bearer token

• The /health endpoint remains public for monitoring

• Consider using HTTPS with a reverse proxy (nginx, caddy) in production

Available Tools

EMS Log Tools

search_ems_logs

Search EMS events with flexible filtering.

Parameters:

• severity (optional): Filter by level (emergency, alert, error, notice, informational, debug)

• search (optional): Search text in messages. Supports wildcards (e.g., *disk*)

• max_records (optional): Limit results (default: 1000)

Example:

"Search EMS logs for disk errors in the last hour"

get_recent_events

Quick access to recent EMS events.

Parameters:

• severity (optional): Minimum severity level (default: error)

• count (optional): Number of events to return (default: 10)

Example:

"Show me the latest 20 alert-level events"

Storage Tools

list_volumes

List all storage volumes with details.

Parameters:

• svm (optional): Filter by Storage VM name

• state (optional): Filter by state (online, offline, etc.)

Example:

"List all volumes in SVM 'production'"

get_volume_metrics

Get performance metrics for a specific volume.

Parameters:

• volume_uuid (required): The volume UUID

Example:

"Show performance metrics for volume with UUID abc-123"

get_storage_efficiency

Calculate storage efficiency and savings.

Parameters:

• svm (optional): Filter by Storage VM name

Example:

"What are the deduplication savings across all volumes?"

Cluster Tools

get_cluster_info

Get overall cluster information.

Example:

"Show cluster version and health status"

list_nodes

List all nodes in the cluster.

Example:

"List all cluster nodes with their health status"

Cache Management

clear_cache

Clear metadata cache to force fresh queries.

get_cache_stats

View cache statistics and configuration.

Usage Examples

Log Analysis

"Search for all critical errors in the last 24 hours"
"Show me EMS events containing 'network' from the past hour"
"What are the most recent emergency-level alerts?"

Storage Monitoring

"List all volumes and their current state"
"Show me storage efficiency savings across the cluster"
"What's the performance of volume 'vol1'?"

Cluster Health

"Show cluster information"
"List all nodes and their health status"
"Are there any offline volumes?"

Testing

Test Server Connection

# Health check (no auth required)
curl http://10.54.52.16:3001/health

# SSE endpoint (requires auth - should fail)
curl http://10.54.52.16:3001/sse

# SSE endpoint (with auth - should succeed)
curl -H "Authorization: Bearer your-api-key" http://10.54.52.16:3001/sse

Test ONTAP Connection

# From the server, test ONTAP API directly
curl -k -u admin:password https://your-ontap-cluster/api/cluster

# Test EMS events endpoint
curl -k -u admin:password "https://your-ontap-cluster/api/support/ems/events?max_records=5"

Troubleshooting

"Connection failed: Unable to connect to ONTAP"

Check:

1. ONTAP_URL is correct (include https://)

2. ONTAP server is reachable from the MCP server

3. Firewall allows HTTPS (443) traffic

# Test connectivity
ping your-ontap-cluster
curl -k https://your-ontap-cluster/api/cluster

"Authentication failed: Invalid credentials"

Check:

1. ONTAP_USERNAME and ONTAP_PASSWORD are correct

2. User has API access permissions

3. Account is not locked

"SSL Certificate error"

For testing/lab environments:

# Set ONTAP_INSECURE=true in environment file
sudo nano /etc/ontap-mcp-server.env
# Add: ONTAP_INSECURE=true
sudo systemctl restart ontap-mcp-server

For production:

• Install proper SSL certificates on ONTAP

• Add CA certificate to system trust store

• Use ONTAP System Manager to configure SSL

"Request timeout"

Increase timeout:

# Edit environment file
sudo nano /etc/ontap-mcp-server.env
# Add: REQUEST_TIMEOUT_MS=120000  # 2 minutes
sudo systemctl restart ontap-mcp-server

Server won't start

Check logs:

sudo journalctl -u ontap-mcp-server -n 50

Common issues:

• MCP_API_KEY not set

• ONTAP_USERNAME or ONTAP_PASSWORD missing

• Port 3001 already in use

• Node.js not installed or wrong version

Running Multiple MCP Servers

You can run both ONTAP and InfluxDB MCP servers on the same machine:

• InfluxDB MCP: Port 3000

• ONTAP MCP: Port 3001

Both servers can coexist and be configured in Claude Desktop simultaneously.

Security Best Practices

Server Security

• ✅ Use strong MCP_API_KEY (32+ bytes, generated with openssl rand -hex 32)

• ✅ Enable SSL verification (ONTAP_INSECURE=false) in production

• ✅ Use read-only ONTAP credentials when possible

• ✅ Keep environment file secure (chmod 600 /etc/ontap-mcp-server.env)

• ✅ Run behind HTTPS reverse proxy in production

• ✅ Restrict firewall to specific IP ranges

ONTAP Security

• ✅ Create dedicated API user with minimal permissions

• ✅ Use ONTAP RBAC to limit access scope

• ✅ Enable audit logging for API access

• ✅ Rotate ONTAP passwords regularly

• ✅ Monitor failed authentication attempts

Performance Tips

1. Caching: Cluster info and volume lists are cached for 30 minutes

2. Filtering: Use specific filters (severity, SVM) to reduce result sizes

3. Limits: Adjust MAX_LOG_ENTRIES based on your needs

4. Timeouts: Increase REQUEST_TIMEOUT_MS for slow ONTAP clusters

Development

Local Testing

# Set environment variables
export ONTAP_URL=https://your-cluster
export ONTAP_USERNAME=admin
export ONTAP_PASSWORD=password
export ONTAP_INSECURE=true
export MCP_API_KEY=test-key-123

# Run server
npm run build
npm run start:http

Project Structure

ontap-mcp-server/
├── src/
│   ├── http-server.ts    # Main HTTP/SSE server
│   └── index.ts          # Entry point
├── dist/                 # Compiled JavaScript
├── package.json
├── tsconfig.json
├── .env.example
└── README.md

API Endpoints Reference

Based on NetApp ONTAP REST API:

• GET /api/support/ems/events - EMS log events

• GET /api/storage/volumes - Volume list

• GET /api/storage/volumes/{uuid}/metrics - Volume performance

• GET /api/cluster - Cluster information

• GET /api/cluster/nodes - Node list

Full API documentation: https://docs.netapp.com/us-en/ontap-automation/

License

MIT

Resources

• NetApp ONTAP REST API Documentation

• EMS Events API

• Storage Volumes API

• Model Context Protocol