Skip to main content
BlueXP ransomware protection

BlueXP ransomware protection prerequisites

Contributors amgrissino netapp-bcammett
PDFs

Get started with BlueXP ransomware protection by verifying the readiness of your operational environment, login, network access, and web browser.

To use BlueXP ransomware protection, you'll need these prerequisites.

In BlueXP

  • A BlueXP user account with Organization Admin privileges for discovering resources.

  • A BlueXP organization with at least one active BlueXP Connector connecting to on-premises ONTAP clusters or connecting to Cloud Volumes ONTAP in AWS or in Azure.

  • The BlueXP Connector must have the cloudmanager-ransomware-protection container in an active state.

  • At least one BlueXP working environment with a NetApp on-premises ONTAP cluster or Cloud Volume ONTAP in AWS or Azure (using NAS or CIFS protocols).

    • ONTAP or Cloud Volume ONTAP clusters with ONTAP OS version 9.11.1 or greater are supported.

    • If your on-premises ONTAP clusters or Cloud Volume ONTAP in AWS or in Azure cloud are not already onboarded in BlueXP, then you'll need a BlueXP Connector.

      Refer to Learn how to configure a BlueXP Connector and standard BlueXP requirements.

      Note If you have multiple BlueXP Connectors in a single BlueXP organization, the BlueXP ransomware protection service will scan ONTAP resources across all Connectors beyond the one that is currently selected in the BlueXP UI.

In ONTAP 9.11.1 and later

  • An ONTAP One license is enabled on the on-premises ONTAP instance.

  • A license for NetApp Autonomous Ransomware Protection, used by BlueXP ransomware protection, enabled on the on-premises ONTAP instance, depending on the version of ONTAP you are using. Refer to Autonomous Ransomware Protection overview.

    Note The general release of BlueXP ransomware protection, unlike the Preview release, includes a license for NetApp Autonomous Ransomware Protection technology. Refer to Autonomous Ransomware Protection overview for details.

    For more licensing details, refer to Learn about BlueXP ransomware protection.

  • To apply protection configurations (such as enabling Autonomous Ransomware Protection and others), BlueXP ransomware protection needs admin permissions on the ONTAP cluster. The ONTAP cluster should have been onboarded using ONTAP cluster admin user credentials only.

  • If the ONTAP cluster is already onboarded in BlueXP using non-admin user credentials, then the non-admin user permissions must be updated with necessary permissions by logging into the ONTAP cluster, described on this page.

For data backups

  • An account in NetApp StorageGRID, AWS S3, or Azure Blob for backup targets and the access permissions set.

    Refer to the AWS, Azure, or S3 permissions list for details.

  • The BlueXP backup and recovery service does not need to be enabled on the working environment.

    The BlueXP ransomware protection service helps configure a backup destination through the Settings option. See Configure settings.

Update non-admin user permissions in an ONTAP working environment

If you need to update non-admin user permissions for a particular working environment, complete these steps.

  1. Log in to BlueXP and look for the working environment that needs its ONTAP user permissions updated.

  2. Double-click on the working environment to see details.

  3. Click View additional information that shows the user name.

  4. Log in to the ONTAP cluster CLI using the admin user.

  5. Display the existing roles for that user. Enter:

    security login show -user-or-group-name <username>

  6. Change the role for the user. Enter:

    security login modify -user-or-group-name <username> -application console|http|ontapi|ssh|telnet -authentication-method password -role admin

  7. Return to the BlueXP ransomware protection UI to use it.