Configure a Connector to use a proxy server
If your corporate policies require you to use a proxy server for all communication to the internet, then you need to configure your Connectors to use that proxy server. If you didn't configure a Connector to use a proxy server during installation, then you can configure the Connector to use that proxy server at any time.
Configuring the Connector to use a proxy server provides outbound internet access if a public IP address or a NAT gateway isn't available. This proxy server provides only the Connector with an outbound connection. It doesn't provide any connectivity for Cloud Volumes ONTAP systems.
If Cloud Volumes ONTAP systems don't have an outbound internet connection to send AutoSupport messages, BlueXP automatically configures those Cloud Volumes ONTAP systems to use a proxy server that's included with the Connector. The only requirement is to ensure that the Connector's security group allows inbound connections over port 3128. You'll need to open this port after you deploy the Connector.
Supported configurations
-
BlueXP supports HTTP and HTTPS.
-
The proxy server can be in the cloud or in your network.
-
BlueXP does not support transparent proxy servers.
Enable a proxy on a Connector
When you configure a Connector to use a proxy server, that Connector and the Cloud Volumes ONTAP systems that it manages (including any HA mediators), all use the proxy server.
Note that this operation restarts the Connector. Ensure that the Connector isn't performing any operations before you proceed.
-
Navigate to the Edit BlueXP Connector page.
How you navigate depends on whether you're using BlueXP in standard mode (accessing the BlueXP interface from the SaaS website) or using BlueXP in restricted mode or private mode (accessing the BlueXP interface locally from the Connector host).
Standard mode-
Select the Connector drop-down from the BlueXP header.
-
Select Manage Connectors.
-
Select the action menu for a Connector and select Edit Connector.
Restricted or private mode-
Select the Connector drop-down from the BlueXP header.
-
Select Edit Connector.
-
-
Select HTTP Proxy Configuration.
-
Set up the proxy:
-
Select Enable Proxy.
-
Specify the server using the syntax http://address:port or https://address:port
-
Specify a user name and password if basic authentication is required for the server.
Note the following:
-
The user can be a local user or domain user.
-
For a domain user, you must enter the ASCII code for the \ as follows: domain-name%92user-name
For example: netapp%92proxy
-
BlueXP doesn't support passwords that include the @ character.
-
-
Select Save.
-
Enable direct API traffic
If you configured a Connector to use a proxy server, you can enable direct API traffic on the Connector in order to send API calls directly to cloud provider services without going through the proxy. This option is supported with Connectors that are running in AWS, in Azure, or in Google Cloud.
If you disabled the use of Azure Private Links with Cloud Volumes ONTAP and are using service endpoints instead, then you must enable direct API traffic. Otherwise, the traffic won't be routed properly.
-
Navigate to the Edit BlueXP Connector page:
How you navigate depends on whether you're using BlueXP in standard mode (accessing the BlueXP interface from the SaaS website) or using BlueXP in restricted mode or private mode (accessing the BlueXP interface locally from the Connector host).
Standard mode-
Select the Connector drop-down from the BlueXP header.
-
Select Manage Connectors.
-
Select the action menu for a Connector and select Edit Connector.
Restricted or private mode-
Select the Connector drop-down from the BlueXP header.
-
Select Edit Connector.
-
-
Select Support Direct API Traffic.
-
Select the checkbox to enable the option and then select Save.