Use the NetApp Volumes remote MCP server

This document shows you how to use the Google Cloud NetApp Volumes remote Model Context Protocol (MCP) server to connect with AI applications including Gemini CLI, ChatGPT, Claude, and custom applications you are developing. The NetApp Volumes remote MCP server lets you access and run NetApp Volumes tools to manage NetApp Volumes storage pools and volumes from your AI-enabled development environments and AI agent platforms. The Google Cloud NetApp Volumes remote MCP server is enabled when you enable the Google Cloud NetApp Volumes API.

Model Context Protocol (MCP) standardizes how large language models (LLMs) and AI applications or agents connect to external data sources. MCP servers let you use their tools, resources, and prompts to take actions and get updated data from their backend service.

What's the difference between local and remote MCP servers?

Local MCP servers
Typically run on your local machine and use the standard input and output streams (stdio) for communication between services on the same device.
Remote MCP servers
Run on the service's infrastructure and offer an HTTP endpoint to AI applications for communication between the AI MCP client and the MCP server. For more information about MCP architecture, see MCP architecture.

You might want to use the NetApp Volumes local MCP server for the following reasons:

  • Run the service within your own network boundaries
  • Modify or extend the server's capabilities
  • Local development and testing
  • Offline MCP use
  • Provision and manage NetApp Volumes storage pools and volumes from your AI application

For more information about how to use NetApp Volumes local MCP server, see NetApp Volumes MCP server. The following sections only apply to the Google Cloud NetApp Volumes remote MCP server.

Google Cloud remote MCP servers

Google and Google Cloud remote MCP servers have the following features and benefits:

  • Simplified, centralized discovery
  • Managed global or regional HTTP endpoints
  • Fine-grained authorization
  • Optional prompt and response security with Model Armor protection
  • Centralized audit logging

For information about other MCP servers and information about security and governance controls available for Google Cloud MCP servers, see Google Cloud MCP servers overview.

Limitations

The following table summarizes the operations blocked by the NetApp Volumes remote MCP server for each feature:

Features                      Operations
Storage pools                 CreateStoragePool, UpdateStoragePool, DeleteStoragePool
Volumes                       CreateVolume, UpdateVolume, DeleteVolume
Snapshots                     UpdateSnapshot, DeleteSnapshot, RevertVolume
Backups                       UpdateBackup, DeleteBackup
Backup policies and vaults    CreateBackupPolicy, UpdateBackupPolicy, DeleteBackupPolicy, CreateBackupVault, UpdateBackupVault, DeleteBackupVault

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

  3. If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

  4. Enable the NetApp Volumes API.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

  5. Install the Google Cloud CLI.

  6. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  7. To initialize the gcloud CLI, run the following command:

    gcloud init

Required roles

To get the permissions that you need to use the NetApp Volumes MCP server, ask your administrator to grant you the following IAM roles on the project where you want to use the NetApp Volumes MCP server:

  • Make MCP tool calls: MCP Tool User (roles/mcp.toolUser)
  • List storage pools, volumes, backup vaults, backup policies, backups, or snapshots: NetApp Volumes Viewer (roles/netapp.viewer)
  • Get the details of a specific pool, volume, backup vault, backup policy, backup, or snapshot: NetApp Volumes Viewer (roles/netapp.viewer)
  • Create a backup or snapshot: NetApp Volumes Admin (roles/netapp.admin)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to use the NetApp Volumes MCP server. The exact permissions that are required are listed in the following Required permissions section:

Required permissions

The following permissions are required to use the NetApp Volumes MCP server:

  • Make MCP tool calls: mcp.tools.call
  • List storage pools in a given project and location: netapp.storagePools.list
  • List volumes in a given project and location: netapp.volumes.list
  • List backup vaults in a given project and location: netapp.backupVaults.list
  • List backup policies in a given project and location: netapp.backupPolicies.list
  • List backups in a given project and location: netapp.backups.list
  • List snapshots in a given project and location: netapp.snapshots.list
  • Get storage pools in a given project and location: netapp.storagePools.get
  • Get volumes in a given project and location: netapp.volumes.get
  • Get backup vaults in a given project and location: netapp.backupVaults.get
  • Get backup policies in a given project and location: netapp.backupPolicies.get
  • Get backups in a given project and location: netapp.backups.get
  • Get snapshots in a given project and location: netapp.snapshots.get
  • Create a backup: netapp.backups.create
  • Create a snapshot: netapp.snapshots.create

You might also be able to get these permissions with custom roles or other predefined roles.

Authentication and authorization

The Google Cloud NetApp Volumes remote MCP server uses the OAuth 2.0 protocol with Identity and Access Management (IAM) for authentication and authorization. All Google Cloud identities are supported for authentication to MCP servers.

The NetApp Volumes remote MCP server doesn't accept API keys.

We recommend that you create a separate identity for agents using MCP tools so that access to resources can be controlled and monitored. For more information on authentication, see Authenticate to MCP servers.
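One way to check the separate-identity recommendation against the roles listed under Required roles, as an added example (not Google's or NetApp's code). It audits a constructed project IAM policy in the JSON shape that gcloud projects get-iam-policy PROJECT_ID --format=json returns; the member names and the example-project ID are invented for the sample.

```python
import json

# Constructed sample policy; every member and project name here is made up.
SAMPLE_POLICY = json.dumps({"bindings": [
    {"role": "roles/mcp.toolUser", "members": [
        "serviceAccount:storage-agent@example-project.iam.gserviceaccount.com",
        "serviceAccount:ci-agent@example-project.iam.gserviceaccount.com",
        "user:alice@example.com"]},
    {"role": "roles/netapp.viewer", "members": [
        "serviceAccount:storage-agent@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/netapp.admin", "members": ["user:alice@example.com"]},
    {"role": "roles/editor", "members": [
        "serviceAccount:ci-agent@example-project.iam.gserviceaccount.com"]},
]})

MCP_ROLE = "roles/mcp.toolUser"        # needed for any MCP tool call
VIEWER_ROLE = "roles/netapp.viewer"    # list and get operations
ADMIN_ROLE = "roles/netapp.admin"      # needed only to create backups or snapshots
HUMAN_PREFIXES = ("user:", "group:")   # not a separate agent identity


def audit_mcp_principals(policy_json):
    """Return {member: [findings]} for every member that can call MCP tools."""
    roles_by_member = {}
    for binding in json.loads(policy_json).get("bindings", []):
        for member in binding.get("members", []):
            roles_by_member.setdefault(member, set()).add(binding["role"])

    findings = {}
    for member, roles in sorted(roles_by_member.items()):
        if MCP_ROLE not in roles:
            continue  # cannot make MCP tool calls at all
        notes = []
        if member.startswith(HUMAN_PREFIXES):
            notes.append("MCP tool access on a human identity, not a separate agent identity")
        if ADMIN_ROLE in roles:
            notes.append("holds roles/netapp.admin; confirm the agent must create backups or snapshots")
        extra = roles - {MCP_ROLE, VIEWER_ROLE, ADMIN_ROLE}
        if extra:
            notes.append("roles beyond those this page lists: " + ", ".join(sorted(extra)))
        findings[member] = notes
    return findings


if __name__ == "__main__":
    for member, notes in audit_mcp_principals(SAMPLE_POLICY).items():
        print(member, "->", notes or ["ok"])
```

The script reads only the bindings in the policy it is given, so roles inherited from a folder or organization need the same check against those policies.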

NetApp Volumes MCP OAuth scopes

OAuth 2.0 uses scopes and credentials to determine if an authenticated principal is authorized to take a specific action on a resource. For more information about OAuth 2.0 scopes at Google, read Using OAuth 2.0 to access Google APIs.

NetApp Volumes has the following MCP tool OAuth scopes:

  • Scope URI for gcloud CLI: https://www.googleapis.com/auth/netapp
  • Description: View, edit, configure, and delete your Google Cloud NetApp Volumes data, and view the email address for your Google Account.

Additional scopes might be required on the resources accessed during a tool call. To view a list of scopes required for NetApp Volumes, see NetApp Volumes API.

Configure an MCP client to use the NetApp Volumes MCP server

AI applications and agents, such as Claude or Gemini CLI, can instantiate an MCP client that connects to a single MCP server. An AI application can have multiple clients that connect to different MCP servers. To connect to a remote MCP server, the MCP client must know at a minimum the URL of the remote MCP server.

In your AI application, look for a way to connect to a remote MCP server. You are prompted to enter details about the server, such as its name and URL.

For the NetApp Volumes remote MCP server, enter the following as required:

  • Server name: NetApp Volumes MCP server
  • Endpoint: https://netapp.googleapis.com/mcp
  • Transport: HTTP
  • Authentication details: Depending on how you want to authenticate, you can enter your Google Cloud credentials, your OAuth Client ID and secret, or an agent identity and credentials. For more information about authentication, see Authenticate to MCP servers.
  • OAuth scope: the OAuth 2.0 scope that you want to use when connecting to the Google Cloud NetApp Volumes MCP server.

Available tools

To view details of available MCP tools and their descriptions for the NetApp Volumes MCP server, see the NetApp Volumes MCP reference.

List tools

Use the MCP inspector to list tools, or send a tools/list HTTP request directly to the NetApp Volumes remote MCP server. The tools/list method doesn't require authentication.

POST /mcp HTTP/1.1
Host: netapp.googleapis.com
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list"
}

Sample use cases

The following are sample use cases for the NetApp Volumes MCP server.

Discover and manage storage inventory

This sample use case for the NetApp Volumes MCP server helps platform engineers discover and retrieve details about their storage resources. The NetApp Volumes MCP server lets you query storage inventory and configuration details using natural language. This capability helps you retrieve mount paths or capacity metrics without navigating the Google Cloud console.

Sample prompt:

"Find the finance-db volume and tell me the export path."

Workflow: The workflow for listing the export path of a volume might look like the following:

  • Search for resources: The agent uses the list_volumes tool to find the volume with the specified name.

  • Identify details: The agent parses the response to extract the exportPath field.

  • Respond to user: The agent provides the mount path or IP address of that volume to you.

Identify highly utilized volumes

Another use case is to monitor storage utilization. You can use natural language to identify volumes that are nearing their capacity limits.

Sample prompt:

"Find the volumes that have a utilization greater than 90%."

Workflow: The workflow for listing volumes with utilization greater than 90% might look like the following:

  • Get volume list: The agent uses the list_volumes tool to get a list of volumes in the project.

  • Filter by utilization: The agent analyzes the capacity and usage metrics for each volume to identify those exceeding the threshold.

  • Summarize findings: The agent provides a list of highly utilized volumes to the user.

Protect data with snapshots

A common use case for an application developer is to create a snapshot of a volume before deploying code changes. You must perform the volume reversion by using the Google Cloud console or the Google Cloud CLI because the AI assistant can't perform this action. However, the assistant can create a snapshot to protect your data.

Sample prompt:

"Snapshot the app-data volume before I deploy."

Workflow: The workflow for creating a snapshot of a volume might look like the following:

  • Locate volume: The agent identifies the volume ID for app-data.

  • Create snapshot: The agent uses create_snapshot with the volume ID to create the snapshot.

  • Confirm protection: The agent confirms successful creation and displays the snapshot name and timestamp: Snapshot 'app-data-snap-001' created at 14:00 UTC. The user proceeds with deployment.

Prevent accidental data loss with safety guardrails

In this sample use case, you prevent accidental data loss or unexpected costs. You can configure the NetApp Volumes MCP server to block commands that attempt to delete data or provision high-cost infrastructure.

Sample prompt:

"Delete the archive-logs volume to save space."

Workflow: The workflow for preventing accidental data loss might look like the following:

  • Evaluate request: The MCP service or the agent's safety overrides determine that deleting a volume is restricted.

  • Block action: The service returns an error: "Safe-Mode Error: deletion is not permitted by the AI assistant."

  • Inform user: The agent explains why the request was refused and recommends that you perform the action through the Google Cloud console if necessary.
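An agent-side safety override of the kind the Evaluate request step mentions, as an added example (not Google's or NetApp's code). It builds an allowlist from a constructed tools/list response using the MCP readOnlyHint tool annotation; list_volumes and create_snapshot are named on this page, while get_volume, delete_volume, the annotation values, and the approved-write set are assumptions made for the sample.

```python
import json

# Constructed tools/list response. list_volumes and create_snapshot are named on
# this page; get_volume and delete_volume are hypothetical tool names.
SAMPLE_TOOLS_LIST_RESPONSE = json.dumps({
    "jsonrpc": "2.0",
    "id": 1,
    "result": {"tools": [
        {"name": "list_volumes", "annotations": {"readOnlyHint": True}},
        {"name": "get_volume", "annotations": {"readOnlyHint": True}},
        {"name": "create_snapshot", "annotations": {"readOnlyHint": False}},
        {"name": "delete_volume"},  # no annotations: treated as mutating
    ]},
})

# Mutating tools the operator has approved for this agent (assumption).
APPROVED_WRITE_TOOLS = {"create_snapshot"}


def build_policy(raw_response, request_id):
    """Map each advertised tool to 'read', 'write' or 'deny'."""
    msg = json.loads(raw_response)
    if msg.get("jsonrpc") != "2.0" or msg.get("id") != request_id:
        raise ValueError("response does not match the tools/list request")
    if "error" in msg:
        raise ValueError("tools/list failed: %s" % msg["error"])
    policy = {}
    for tool in msg["result"]["tools"]:
        name = tool["name"]
        # Only an explicit readOnlyHint of true counts as read-only.
        annotations = tool.get("annotations") or {}
        if annotations.get("readOnlyHint") is True:
            policy[name] = "read"
        elif name in APPROVED_WRITE_TOOLS:
            policy[name] = "write"
        else:
            policy[name] = "deny"
    return policy


def check_call(policy, tool_name, user_confirmed=False):
    """Return (allowed, reason) for a tools/call the model wants to make."""
    verdict = policy.get(tool_name, "deny")  # unknown tools fail closed
    if verdict == "read":
        return True, "read-only tool"
    if verdict == "write" and user_confirmed:
        return True, "approved write tool, confirmed by user"
    if verdict == "write":
        return False, "write tool needs explicit user confirmation"
    return False, "tool is not on the agent's allowlist"


if __name__ == "__main__":
    policy = build_policy(SAMPLE_TOOLS_LIST_RESPONSE, request_id=1)
    for name in ("list_volumes", "create_snapshot", "delete_volume"):
        print(name, check_call(policy, name))
```

The annotation is a hint declared by the server, so this guard is a second layer in the client; IAM permissions and the server's own blocked operations remain the authoritative control.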

Optional security and safety configurations

MCP introduces new security risks and considerations due to the wide variety of actions that you can do with the MCP tools. To minimize and manage these risks, Google Cloud offers default settings and customizable policies to control the use of MCP tools in your Google Cloud organization or project.

For more information about MCP security and governance, see AI security and safety.

Use Model Armor

Model Armor is a Google Cloud service designed to enhance the security and safety of your AI applications. It works by proactively screening LLM prompts and responses, protecting against various risks and supporting responsible AI practices. Whether you are deploying AI in your cloud environment, or on external cloud providers, Model Armor can help you prevent malicious input, verify content safety, protect sensitive data, maintain compliance, and enforce your AI safety and security policies consistently across your diverse AI landscape.

When Model Armor is enabled with logging enabled, Model Armor logs the entire payload. This might expose sensitive information in your logs.

Enable Model Armor

You must enable Model Armor APIs before you can use Model Armor.

Console

  1. Enable the Model Armor API.

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles.

  2. Select the project where you want to activate Model Armor.

gcloud

Before you begin, follow these steps using the Google Cloud CLI with the Model Armor API:

  1. In the Google Cloud console, activate Cloud Shell.

    At the bottom of the Google Cloud console, a Cloud Shell session starts and displays a command-line prompt. Cloud Shell is a shell environment with the Google Cloud CLI already installed and with values already set for your current project. It can take a few seconds for the session to initialize.

  2. Run the following command to set the API endpoint for the Model Armor service.

    gcloud config set api_endpoint_overrides/modelarmor "https://modelarmor.LOCATION.rep.googleapis.com/"

    Replace LOCATION with the region where you want to use Model Armor.

Configure protection for Google and Google Cloud remote MCP servers

To help protect your MCP tool calls and responses, you can use Model Armor floor settings. A floor setting defines the minimum security filters that apply across the project. This configuration applies a consistent set of filters to all MCP tool calls and responses within the project.

Set up a Model Armor floor setting with MCP sanitization enabled. For more information, see Configure Model Armor floor settings.

See the following example command:

gcloud model-armor floorsettings update \
--full-uri='projects/PROJECT_ID/locations/global/floorSetting' \
--enable-floor-setting-enforcement=TRUE \
--add-integrated-services=GOOGLE_MCP_SERVER \
--google-mcp-server-enforcement-type=INSPECT_AND_BLOCK \
--enable-google-mcp-server-cloud-logging \
--malicious-uri-filter-settings-enforcement=ENABLED \
--add-rai-settings-filters='[{"confidenceLevel": "MEDIUM_AND_ABOVE", "filterType": "DANGEROUS"}]'

Replace PROJECT_ID with your Google Cloud project ID.

Note the following settings:

  • INSPECT_AND_BLOCK: The enforcement type that inspects content for the Google MCP server and blocks prompts and responses that match the filters.
  • ENABLED: The setting that enables a filter or enforcement.
  • MEDIUM_AND_ABOVE: The confidence level for the Responsible AI - Dangerous filter settings. You can modify this setting, though lower values might result in more false positives. For more information, see Model Armor confidence levels.

Disable scanning MCP traffic with Model Armor

To stop Model Armor from automatically scanning traffic to and from Google MCP servers based on the project's floor settings, run the following command:

gcloud model-armor floorsettings update \
  --full-uri='projects/PROJECT_ID/locations/global/floorSetting' \
  --remove-integrated-services=GOOGLE_MCP_SERVER

Replace PROJECT_ID with the Google Cloud project ID. After you run this command, Model Armor no longer automatically applies the rules defined in this project's floor settings to Google MCP server traffic.

Model Armor floor settings and general configuration can impact more than just MCP. Because Model Armor integrates with services like Vertex AI, any changes you make to floor settings can affect traffic scanning and safety behaviors across all integrated services, not just MCP.

Control MCP use with IAM deny policies

Identity and Access Management (IAM) deny policies help you secure Google Cloud remote MCP servers. Configure these policies to block unwanted MCP tool access.

For example, you can deny or allow access based on:

  • The principal
  • Tool properties like read-only
  • The application's OAuth client ID

For more information, see Control MCP use with Identity and Access Management.
