Skip to main content
Setup and administration

Learn about BlueXP accounts

Contributors netapp-bcammett

A BlueXP account provides multi-tenancy for your organization, which enables you to organize users and resources in isolated workspaces. For example, a group of users can deploy and manage Cloud Volumes ONTAP working environments in a workspace that isn't visible to users who manage working environments in a different workspace.

When you first access BlueXP, you're prompted to select or create an account. For example, you'll see the following screen if you don't have an account yet:

A screenshot of the BlueXP setup wizard that prompts you for the BlueXP account in which you want to create BlueXP.

BlueXP Account Admins can then modify the settings for this account by managing users (members), workspaces, and Connectors:

A screenshot that shows the Manage Account widget from which you can manage users, workspaces, and Connectors.

Deployment modes

BlueXP offers the following deployment modes for your account: standard mode, restricted mode, and private mode. These modes support environments that have varying levels of security and connectivity restrictions.


Members are BlueXP users that you associate with your BlueXP account. Associating a user with an account and one or more workspaces in that account enables those users to create and manage working environments in BlueXP.

When you associate a user, you assign them a role:

  • Account Admin: Can perform any action in BlueXP.

  • Workspace Admin: Can create and manage resources in the assigned workspace.

  • Compliance Viewer: Can only view compliance information for BlueXP classification and generate reports for workspaces that they have permission to access.


In BlueXP, a workspace isolates any number of working environments from other users in the account. Workspace Admins can't access the working environments in a workspace unless the Account Admin associates the admin with that workspace.

A working environment represents a storage system. For example:

  • A Cloud Volumes ONTAP system

  • An on-premises ONTAP cluster

  • A Kubernetes cluster


A Connector executes the actions that BlueXP needs to perform in order to manage your data infrastructure. The Connector runs on a virtual machine instance that you deploy in your cloud provider or on an on-premises host that you configured.

You can use a Connector with more than one BlueXP service. For example, if you're using a Connector to manage Cloud Volumes ONTAP, you can use that same Connector with another service like BlueXP tiering.


The following examples depict how you might set up your accounts.

Note In both example images that follow, the Connector and the Cloud Volumes ONTAP systems don't actually reside in the BlueXP account—​they're running in a cloud provider. This is a conceptual representation of the relationship between each component.

Multiple workspaces

The following example shows an account that uses two workspaces to create isolated environments. The first workspace is for a production environment and the second is for a dev environment.

A diagram that shows a single BlueXP account that contains two workspaces. Each workspace is associated with the same Connector and each has their own Workspace Admin.

Multiple accounts

Here's another example that shows the highest level of multi-tenancy by using two separate BlueXP accounts. For example, a service provider might use BlueXP in one account to provide services for their customers, while using another account to provide disaster recovery for one of their business units.

Note that account 2 includes two separate Connectors. This might happen if you have systems in separate regions or in separate cloud providers.

A diagram that shows two BlueXP accounts, each with several workspaces and their associated Workspace Admins.