NetApp Cloud Volumes Service for AWS documentation Flashcards

1
Q

What is CVS for AWS?

A

NetApp Cloud Volumes Service for AWS is a cloud native file service that provides NAS volumes over NFS and SMB with all-flash performance. This service enables any workload, including legacy applications, to run in the AWS cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Benefits of using Cloud Volumes Service for AWS

A

Consistent high performance

Data protection without performance impacts

Instant cloning to support operations, development, and test workflows

Support for NFSv3 and SMB 2.1, 3.0, and 3.1.1 NAS protocols

Secure access to Linux and Windows Elastic Container Service (ECS) instances, with support including the following:

Amazon Linux 2, Red Hat Enterprise Linux 7.5, SLES 12 SP3, and Ubuntu 16.04 LTS

Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016

Fully managed service, therefore no need to configure or manage storage devices

Choice of bundled and pay-as-you-go pricing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Selecting the region?

A

Cloud Volumes Service is available in many AWS regions. You must specify the region where you want to use the service before you create a cloud volume.

Steps
Navigate to the NetApp Cloud Orchestrator site, and then log in with the email address that you provided during your subscription.

You should bookmark this URL. You will need to return to it later.

From the Available regions drop-down menu in the top panel, select the region that you want to work in.

This selection process is similar to how you change regions in the AWS console.

Selecting the region
Repeat the above step for each additional region when you want to create a cloud volume.

Note: The regions displayed in the Cloud Volumes user interface may use a different format than the region you selected in the AWS user interface. For example us-east-1 in the Cloud Volumes UI corresponds to the N.Virginia region selected in the AWS console. See Regions and Availability Zones for a mapping of the region names to make sure you select the same region in both interfaces.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What’s new August 2018

A

Ability to select data encryption for SMB shares

Ability to select the security styles of NTFS or UNIX for shares exported via both NFS and SMB

Display for NFS and SMB mount instructions for shares exported via both NFS and SMB

Support for multiple Active Directory servers

Support in the following AWS regions: us-east-1 (N. Virginia), us-west-1 (N. California), and us-west-2 (Oregon)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What’s new September 2018?

A

RESTful API support and online examples: Cloud Volumes APIs

Support in the following AWS regions: eu-central-1 (Frankfurt) and eu-west-1 (Ireland)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What’s new November 2018?

A

Support for SMB 2.1 protocol

Support in the following AWS regions: ap-northeast-1 (Tokyo), ap-southeast-2 (Sydney), and eu-west-2 (London)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What’s new December 2018?

A

NetApp Cloud Sync support is now available from the Cloud Volumes Service user interface in all supported regions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What’s new January 2019?

A

NetApp Cloud Volumes Service is now publicly available on the AWS Marketplace

Access from on-prem clients is now supported via AWS Direct Connect and Virtual Private Gateways

A service status webpage is now available at https://status.services.cloud.netapp.com/ so you can verify availability of the CVS service in each supported region

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What’s new February 2019?

A

Beta release of Cloud Backup Service for US-WEST-2: Managing backups using Cloud Backup Service (beta for US-WEST-2)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What’s new March 2019?

A

Added support for Microsoft Active Directory in the AWS Cloud (AWS Managed Microsoft AD) for SMB cloud volumes.

The control plane for us-east-1 and us-west-1 now have their own UI URL and API endpoint. Previously these regions shared the same control plane.

Sample Python scripts have been added for RESTful API support: Cloud Volumes APIs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What’s new July 2019?

A

Creating a volume from a snapshot is now rapid, and the volume is available within seconds regardless of the amount of data in the parent volume.

The user interface now displays the used capacity per volume.

The API has been updated to report used capacity, and total inodes and used inodes.

The API has been updated to use the same service levels names as the user interface (Standard, Premium, and Extreme).

The sample Python scripts have been updated to match the updated APIs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What’s new August 2019?

A

Added sample Python scripts for Active Directory functions (Cloud Volumes APIs).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the prerequisites for Cloud Volumes Service for AWS?

A

You must have subscribed to Cloud Volumes Service for AWS before you can perform the Cloud Volumes tasks that are described in this documentation. The subscription process includes the initial setup and configuration that are required for using the service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What do you need setup to create a CVS Volume?

A

You create cloud volumes from the NetApp Cloud Orchestrator site.

Your AWS environment must meet certain requirements before you can create your first cloud volume. For each AWS region where you plan to deploy cloud volumes, you must have a:

Virtual Private Cloud (VPC)

Virtual Private Gateway (VGW) that is connected to your VPC

Subnet for the VPC

Routes defined that include the network on which cloud volumes will run

Optionally, a Direct Connect Gateway

You must have the following information available when creating your first cloud volume in a region:

AWS account ID: A 12-digit Amazon account identifier with no dashes.

Classless Inter-Domain Routing (CIDR) Block: An unused IPv4 CIDR block. The network must be a /28, and it must also fall within the ranges reserved for private networks (RFC 1918). Do not choose a network that overlaps your VPC CIDR allocations.

Autonomous System Number (ASN): When using a Virtual Private Gateway, use that ASN. When using a Direct Connect Gateway, use that ASN.

You must have selected the correct region where you want to use the service. See Selecting the region.

If you have not configured the required AWS networking components, see the NetApp Cloud Volumes Service for AWS Account Setup guide for details.

Note: When planning to create an SMB volume, you must have a Windows Active Directory server available to which you can connect. You will enter this information when creating the volume. Also, make sure that the Admin user is able to create a machine account in the Organizational unit (OU) path specified.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Creating a volume: Enter volume details

A

Complete the fields at the top of the Create Volume page to define the volume name, size, service level, and more.

After you have logged in to the NetApp Cloud Orchestrator site with the email address that you provided during your subscription, and you have selected the region, click the Create new volume button.

Create Volume page
From the Create Volume page, select NFS, SMB, or Dual-protocol as the protocol for the volume you want to create.

In the Name field, specify the name you want to use for the volume.

In the Region field, select the AWS region where you want to create the volume. This region must match the region you configured on AWS.

In the Timezone field, select your time zone.

In the Volume path field, specify the path you want to use or accept the automatically generated path.

(Optional) In the Create from snapshot field, select the name of an existing snapshot that will be used to create a volume.

In the Service level field, select the level of performance for the volume: Standard, Premium, or Extreme.

See Selecting the appropriate service level and allocated capacity for details.

In the Allocated capacity field, select the size of the volume.

Selecting the appropriate service level and allocated capacity

If you selected Dual-protocol, you can select the security style in the Security style field by selecting NTFS or UNIX from the drop-down menu.

Security styles affect the file permission type used and how permissions can be modified.

UNIX uses NFSv3 mode bits, and only NFS clients can modify permissions.

NTFS uses NTFS ACLs, and only SMB clients can modify permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Creating a volume: Enter network details (one-time setting per AWS region)

A

If this is the first time you have created a cloud volume in this AWS region, the Network section is displayed so you can connect your Cloud Volumes account to your AWS account:

In the CIDR (IPv4) field, enter the desired IPv4 range for the region. The network must be a /28. The network must also fall within the ranges reserved for private networks (RFC 1918). Do not choose a network that overlaps your VPC CIDR allocations.

In the Autonomous System Number (ASN) field, enter the ASN. When using a VGW in your AWS configuration, use that ASN. When using a Direct Connect Gateway, use that ASN.

In the AWS account ID field, enter your 12-digit Amazon account identifier with no dashes.

Configure network settings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Creating a volume: Enter export policy rules (optional)

A

If you selected NFS or Dual-protocol, you can create an export policy in the Export policy section to identify the clients that can access the volume:

In the Allowed clients field, specify the allowed clients by using an IP address or Classless Inter-Domain Routing (CIDR).

In the Access field, select Read & Write or Read only.

Add export policy rule
Click + Add export policy rule if you want to define additional export policy rules.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Creating a volume: Enable data encryption (optional)

A

If you selected SMB or Dual-protocol, you can enable SMB session encryption by checking the box for the Enable SMB3 Protocol Encryption field.

Note: Do not enable encryption if SMB 2.1 clients need to mount the volume.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Creating a volume: Integrate the volume with an Active Directory server (SMB and Dual Protocol)

A

If you selected SMB or Dual-protocol, you can choose to integrate the volume with a Windows Active Directory server or an AWS Managed Microsoft AD in the Active Directory section.

In the Available settings field, select an existing Active Directory server or add a new AD server.

To configure a connection to a new AD server:

In the DNS server field, enter the IP address of the DNS server.

In the Domain field, enter the domain for the SMB share.

When using AWS Managed Microsoft AD, use the value from the “Directory DNS name” field.

In the NetBIOS field, enter a NetBIOS name for the SMB server that will be created.

In the Organizational unit field, enter “CN=Computers” for connections to your own Windows Active Directory server.

When using AWS Managed Microsoft AD, the Organizational unit must be entered in the format “OU=”. For example, OU=AWSmanagedAD.

To use a nested OU you must call out the lowest level OU first up to the highest level OU. For example: OU=THIRDLEVEL,OU=SECONDLEVEL,OU=FIRSTLEVEL.

In the Username field, enter a username for your Active Directory server.

You can use any username that is authorized to create machine accounts in the Active Directory domain to which you are joining the SMB server.

In the Password field, enter the password for the AD username that you specified.

Active Directory
See Designing a site topology for Active Directory Domain Services for guidelines about designing an optimal Microsoft AD implementation.

See the AWS Directory service setup with NetApp Cloud Volumes Service for AWS guide for detailed instructions for using AWS Managed Microsoft AD.

You should follow the guidance on AWS security group settings to enable cloud volumes to integrate with Windows Active Directory servers correctly. See AWS security group settings for Windows AD servers for more information.
Note: UNIX users mounting the volume using NFS will be authenticated as Windows user “root” for UNIX root and “pcuser” for all other users. Make sure that these user accounts exist in your Active Directory prior to mounting a dual protocol volume when using NFS.

20
Q

Creating a volume: Create a Snapshot policy (optional)

A

If you want to create a snapshot policy for this volume, enter the details in the Snapshot policy section:

Select the snapshot frequency: Hourly, Daily, Weekly, or Monthly.

Select the number of snapshots to keep.

Select the time when the snapshot should be taken.

Snapshot policy
You can create additional snapshot policies by repeating the steps above, or by selecting the Snapshots tab from the left navigation area.

21
Q

Creating the volume: Create the volume

A

Scroll down to the bottom of the page and click Create Volume.

If you have previously created a cloud volume in this region, the new volume appears in the Volumes page.

If this is the first cloud volume you have created in this AWS region and you have entered the networking information in the Network section of this page, a Progress dialog is displayed that identifies the next steps you must follow to connect the volume with AWS interfaces.

Accept virtual interfaces dialog

Accept the virtual interfaces as described in section 6.4 of the NetApp Cloud Volumes Service for AWS Account Setup guide. You must perform this task within 10 minutes or the system may time out.

If the interfaces do not appear within 10 minutes there may be a configuration issue; in which case you should contact support.

After the interfaces and other networking components are created, the volume you created appears in the Volumes page and the Actions field is listed as Available.
A volume is created

22
Q

Mounting a cloud volume

A

You can mount a cloud volume to your AWS instance. Cloud volumes currently support NFSv3 for Linux and UNIX clients and SMB 2.1, 3.0, and 3.1.1 for Windows clients.

Note: Please use the highlighted protocol/dialect supported by your client.

Steps
Obtain mount instructions for the volume you created by clicking the blue question mark (?) at the end of the Export Paths field next to the volume name.

When you hover over the question mark, it displays Show mount instructions.

Show mount instructions

Click the question mark to display the mount instructions.

NFS example:

Mount instructions for NFS

SMB example:

Mount instructions for SMB

Connect to your Amazon Elastic Compute Cloud (EC2) instance by using an SSH or RDP client, and then follow the mount instructions for your instance.

After completing the steps in the mount instructions, you have successfully mounted the cloud volume to your AWS instance.

23
Q

Modifying a cloud volume

A

You can modify existing volumes, including changing the volume name, allocated capacity, or service level.

Steps
Log in to NetApp Cloud Orchestrator.

Click the name of the volume that you want to manage.

Modify the following volume fields as applicable:

Name

Tags

Allocated capacity

Service level

Changing the service level is not disruptive and does not affect client data access.

Selecting the appropriate service level and allocated capacity

24
Q

Deleting a cloud volume

A

You can delete a cloud volume that is no longer needed.

Steps
Unmount the volume from all clients:

On Linux clients, use the umount command.

On Windows clients, click Disconnect network drive.

From the Volumes page, specify the volumes that you want to delete by selecting the corresponding checkboxes, click Actions, and then select Delete volume/s from the drop-down list.

In the confirmation dialog box, type delete to confirm that you want to delete the volume, and then click Delete.

25
Q

Creating an on-demand snapshot for a cloud volume

A

You can create an on-demand snapshot of a cloud volume from either the Volumes or Snapshots page.

26
Q

Creating snapshots from the Volumes page

A

Click the volume name, select Snapshots, and then click + Create new snapshot.

Enter a name for the snapshot, or use the automatically generated name.

Select the volume name, and then, from the drop-down list, select the volume for which you want to create a snapshot.

Click Create snapshot.

The created snapshot appears.

27
Q

Creating snapshots from the Snapshots page

A

Click + Create new snapshot.

Enter a name for the snapshot, or use the automatically generated name.

From the drop-down list, select the volume for which you want to create a snapshot.

Click Create snapshot.

The created snapshot is now listed.

28
Q

Creating or modifying a snapshot policy

A

You can create or modify a snapshot policy as necessary for a cloud volume.

Steps
From the Volumes page, click the volume name, and then select Snapshot policy.

Select Hourly, Daily, Weekly, or Monthly to specify the frequency for creating snapshots.

Configured policies are marked with a green dot. Undefined policies are marked with a red dot.

Select the number of snapshots you want to keep.

Select the day, hour, and minute when the snapshot should be taken.

If you want to create additional snapshots with different frequencies, for example, both monthly and daily snapshots, repeat steps 2 through 4.

Snapshot policy

If the Enabled button is not already set to ON, click the button to enable or re-enable the policy.

Click Save changes.

29
Q

Disabling a snapshot policy

A

You can disable a snapshot policy to stop snapshots from being created for a short period of time while retaining your snapshot policy settings.

Steps
From the Volumes page, click the volume name, and then select Snapshot policy.

Click the Enabled button to OFF to disable snapshots from being created.

Snapshot policy Enable button

Click Save changes.

When you want to re-enable the snapshot policy, click the Enabled button to ON and click Save changes.

30
Q

Deleting a snapshot

A

You can delete a snapshot from the Volumes or Snapshots page.

31
Q

Deleting a snapshot from the Volumes page

A

Click the volume name, and then select Snapshots to see a list of snapshots for the volume.

Specify the snapshots that you want to delete by selecting the corresponding checkboxes, click Actions, and then select Delete snapshot/s from the drop-down list.

Alternatively, you can click Available under Actions, then select Delete snapshot from the drop-down list.

In the confirmation dialog box, type delete to confirm, and then click Delete.

32
Q

Deleting a snapshot from the Snapshots page

A

(Optional) Use the search box to filter the listed snapshots.

Specify the snapshots that you want to delete by selecting the corresponding checkboxes, click Actions, and then select Delete snapshot/s from the drop-down list.

In the confirmation dialog box, type delete to confirm, and then click Delete.

33
Q

Restoring a snapshot to a new volume

A

You can restore a snapshot to a new volume as necessary.

Steps
On the Snapshots page or in the Snapshots section in Volume details, select the snapshot from which to restore, click Available, and then select Restore to Volume.

In the Create Volume dialog box, enter a name for the new volume, and edit other settings if necessary.

Creating a cloud volume

Review the settings and then click Create volume to finish restoring the snapshot to the new volume.

34
Q

Securing NFS access using export policies

A

You can use export policies to restrict NFS access to volumes to clients that match specific parameters.

Export policies contain one or more export rules that process each client access request. The result of the process determines whether the client is denied or granted access and what level of access. An export policy with export rules must exist on a Vserver for clients to access data.

You associate exactly one export policy with each volume to configure client access to the volume. A Vserver can contain multiple export policies. This enables you to do the following for Vservers with multiple volumes:

Assign different export policies to each volume of a Vserver for individual client access control to each volume in the Vserver.
Assign the same export policy to multiple volumes of a Vserver for identical client access control without having to create a new export policy for each volume.
If a client makes an access request that is not permitted by the applicable export policy, the request fails with a permission-denied message. If a client does not match any rule in the volume’s export policy, then access is denied. If an export policy is empty, then all accesses are implicitly denied.

You can modify an export policy dynamically on a system running Data ONTAP.

35
Q

Creating a Cloud Sync data broker

A

Go to the Sync page or the Sync tab for a volume on the Volumes page.

Create a data broker by clicking Create data broker.

Provide information for the following fields:

Name

Provide a name for the data broker.

Type

Select AWS.

Region

Select an available region.

API key

Provide the access key for your AWS account.

Secret key

Provide the secret key for your AWS account.

Keypair

Select an available keypair.

The keypair will be updated after you enter valid keys.

VPC

Select the VPC that is connected to your Cloud Volumes account.

Subnet

Select an available subnet to use for the data broker.

Creating a Cloud Sync data broker
Click Create data broker to start the data broker creation process.

It takes a few minutes to create a data broker.
After the data broker is created, it is marked with a green dot to indicate that it is ready.

36
Q

Creating a Cloud Sync relationship

A

A Cloud Sync relationship enables you to sync data to or from the cloud volume.

Before you begin
You must already have a Cloud Sync data broker.

Creating a Cloud Sync data broker

The data broker IP address must have been added to the export policy for both the source and the target volumes.

The export policy on the target volume must allow write access to the data broker.

Creating additional export policy rules

About this task
The Cloud Sync functionality that is integrated with Cloud Volumes Service currently supports only NFSv3. If you want to sync between SMB volumes, you use the Cloud Sync Service directly (cloudsync.netapp.com).

Steps
Go to the Sync page or the Sync tab for a volume on the Volumes page.

Create a Cloud Sync relationship by clicking Create new relationship.

Take one of the following actions:

To sync data to the volume, select Use volume as target.

To sync data from the volume, select Use volume as source.

Creating a Cloud Sync relationship
In the Host field (unpopulated), enter the IP address of the NFS server that you want to sync to or sync from.

After a few moments, a list of the available exports is automatically discovered.

In the Export field, select one of the available exports.

(Optional) Check the Delete files on target when deleted from source box if you want to delete the files on target when they are deleted from source.

Click Create relationship.

The relationship status is displayed and the file progress fields show the number of files that are copied.

37
Q

Modifying the Cloud Sync schedule

A

When a Cloud Sync relationship is initially created, auto sync is enabled by default and scheduled to run once a day. You can modify the Cloud Sync schedule as appropriate.

Steps
Go to the Sync page or the Sync tab for a volume on the Volumes page to see the Cloud Sync relationships.

Sync relationships
To turn off auto sync for a Cloud Sync relationship, click the blue ON slider for the relationship.

Auto sync slider
To change the sync schedule, click the drop-down list under Schedule, select Day/s or Hour/s, select an interval number, and then click the checkmark.

Modifying the Cloud Sync schedule
To start Cloud Sync immediately, click Done under Action, select Sync Now, and click Sync Now again to confirm.

38
Q

Deleting a Cloud Sync relationship

A

You can delete a Cloud Sync relationship that is no longer needed.

Steps
Go to the Sync page or the Sync tab for a volume on the Volumes page.

Click the box for the relationship you want to delete, click Actions, and then select Delete relationship/s.

In the confirmation dialog box, type delete to confirm, and then click Delete.

39
Q

Deleting a Cloud Sync data broker

A

You can delete a Cloud Sync data broker that is no longer needed.

About this task
This task removes the data broker from cloud volumes, but it does not delete the data broker instance in AWS.

To delete the data broker instance in AWS, you must go to the AWS console for your account, locate the EC2 instance for the broker by name, and then terminate it as needed.

Before you begin
All Cloud Sync relationships that use the data broker must have already been deleted before you can delete the data broker.

Deleting a Cloud Sync Relationship

Steps
Go to the Sync page or the Sync tab for a volume on the Volumes page.

Delete a data broker by clicking the data broker’s name and click the trash can icon.

In the confirmation dialog box, type delete to confirm, and then click Delete.

40
Q

Managing backups using Cloud Backup Service (beta for US-WEST-2)

A

02/14/2019 Contributors netapp-juliec

You can back up NFS cloud volumes by using Cloud Backup Service.

Cloud Backup Service expands the data protection capabilities of Cloud Volumes Service by delivering dedicated backups for long-term recovery, archive, and compliance. Backups created by the service are stored in AWS S3 object storage, independent of cloud volume snapshots that are available for near-term recovery or cloning.

Cloud Backup Service is currently in a beta release and supports only Cloud Volumes Service in the AWS US-WEST-2 region.

Before using Cloud Backup Service, you must understand and accept the terms, requirements, and considerations for using the beta software. See Setting Up Cloud Backup Service for NetApp Cloud Volumes Service for AWS for details and instructions about using the service.

41
Q

Selecting the appropriate service level and allocated capacity

A

The cost for Cloud Volumes Service for AWS is based on the service level and the allocated capacity that you select. Selecting the appropriate service level and capacity helps you meet your storage needs at the lowest cost.

All pricing information in this article is based on the list prices as of September 12, 2018. The information is provided for example purposes only and is subject to change.

42
Q

What are the Service levels?

A

The service levels are catered to different storage capacity and storage bandwidth needs:

Standard (capacity)

If you want capacity at the lowest cost, and your bandwidth needs are limited, then the Standard service level might be most appropriate for you. An example is using the volume as a backup target.

List Price: $0.10 per GB per month (as of September 12, 2018)

Bandwidth: 16 KB of bandwidth per GB provisioned capacity

Premium (a balance of capacity and performance)

If your application has a balanced need for storage capacity and bandwidth, then the Premium service level might be most appropriate for you. This level is less expensive per MB/s than the Standard service level, and it is also less expensive per GB of storage capacity than the Extreme service level.

List Price: $0.20 per GB per month (as of September 12, 2018)

Bandwidth: 64 KB of bandwidth per GB provisioned capacity

Extreme (performance)

The Extreme service level is least expensive in terms of storage bandwidth. If your application demands storage bandwidth without the associated demand for lots of storage capacity, then the Extreme service level might be most appropriate for you.

List Price: $0.30 per GB per month (as of September 12, 2018)

Bandwidth: 128 KB of bandwidth per GB provisioned capacity

43
Q

What is Allocated capacity?

A

You specify your allocated capacity for the volume when you create or modify the volume.

Creating cloud volumes
Modifying cloud volumes

While you would select your service level based on your general, high-level business needs, you should select your allocated capacity size based on the specific needs of applications, for example:

How much storage space the applications need

How much storage bandwidth per second the applications or the users require

Allocated capacity is specified in GBs. A volume’s allocated capacity can be set within the range of 100 GB to 100,000 GB (equivalent to 100 TBs).

44
Q

Bandwidth

A

The combination of both the service level and the allocated capacity you select determines the maximum bandwidth for the volume.

If your applications or users need more bandwidth than your selections, you can change the service level or increase the allocated capacity. The changes do not disrupt data access.

45
Q

Selecting the service level and the allocated capacity

A

To select the most appropriate service level and allocated capacity for your needs, you need to know how much capacity and bandwidth you require at the peak or the edge.