Skip to main content
BlueXP setup and administration

Deploy the Connector in private mode

Contributors netapp-bcammett

Deploy the Connector in private mode so that you can use BlueXP with no outbound connectivity to the BlueXP software as a service (SaaS) layer. To get started, install the Connector, set up BlueXP by accessing the user interface that's running on the Connector, and then provide the cloud permissions that you previously set up.

Step 1: Install the Connector

Download the product installer from the NetApp Support Site and then manually install the Connector on your own Linux host.

If you want to use BlueXP in the AWS Secret Cloud or the AWS Top Secret Cloud, then you should follow separate instructions to get started in those environments. Learn how to get started with Cloud Volumes ONTAP in the AWS Secret Cloud or Top Secret Cloud

Before you begin
  • Root privileges are required to install the Connector.

  • Depending on your operating system, either Podman or Docker Engine is required before you install the Connector.

Steps
  1. Download the Connector software from the NetApp Support Site

    Be sure to download the offline installer for private networks without internet access.

  2. Copy the installer to the Linux host.

  3. Assign permissions to run the script.

    chmod +x /path/BlueXP-Connector-offline-<version>

    Where <version> is the version of the Connector that you downloaded.

  4. Run the installation script:

    sudo /path/BlueXP-Connector-offline-<version>

    Where <version> is the version of the Connector that you downloaded.

Result

The Connector software is installed. You can now set up BlueXP.

Step 2: Set up BlueXP

When you access the BlueXP console for the first time, you'll be prompted to set up BlueXP.

Steps
  1. Open a web browser and enter https://ipaddress where ipaddress is the IP address of the Linux host where you installed the Connector.

    You should see the following screen.

    A screenshot of the Welcome page that appears after you enter the IP address of the Connector into your web browser.

  2. Select Set Up New BlueXP Connector and follow the prompts to set up the system.

    • System Details: Enter a name for the Connector and your company name.

      A screenshot of the System Details page that prompts you to enter the BlueXP name and Company name.

    • Create an Admin User: Create the admin user for the system.

      This user account runs locally on the system. There's no connection to the auth0 service available through BlueXP.

    • Review: Review the details, accept the license agreement, and then select Set Up.

  3. Log in to BlueXP using the admin user that you just created.

Result

The Connector is now installed and set up.

When new versions of the Connector software are available, they'll be posted to the NetApp Support Site. Learn how to upgrade the Connector.

What's next?

Provide BlueXP with the permissions that you previously set up.

Step 3: Provide permissions to BlueXP

If you want to create Cloud Volumes ONTAP working environments, you'll need to provide BlueXP with the cloud permissions that you previously set up.

AWS IAM role

Attach the IAM role that you previously created to the Connector EC2 instance.

Steps
  1. Go to the Amazon EC2 console.

  2. Select Instances.

  3. Select the Connector instance.

  4. Select Actions > Security > Modify IAM role.

  5. Select the IAM role and select Update IAM role.

Result

BlueXP now has the permissions that it needs to perform actions in AWS on your behalf.

AWS access key

Provide BlueXP with the AWS access key for an IAM user that has the required permissions.

Steps
  1. In the upper right of the BlueXP console, select the Settings icon, and select Credentials.

    A screenshot that shows the Settings icon in the upper right of the BlueXP console.

  2. Select Add Credentials and follow the steps in the wizard.

    1. Credentials Location: Select Amazon Web Services > Connector.

    2. Define Credentials: Enter an AWS access key and secret key.

    3. Marketplace Subscription: Associate a Marketplace subscription with these credentials by subscribing now or by selecting an existing subscription.

    4. Review: Confirm the details about the new credentials and select Add.

Result

BlueXP now has the permissions that it needs to perform actions in AWS on your behalf.

Azure role

Go to the Azure portal and assign the Azure custom role to the Connector virtual machine for one or more subscriptions.

Steps
  1. From the Azure Portal, open the Subscriptions service and select your subscription.

    It's important to assign the role from the Subscriptions service because this specifies the scope of the role assignment at the subscription level. The scope defines the set of resources that the access applies to. If you specify a scope at a different level (for example, at the virtual machine level), your ability to complete actions from within BlueXP will be affected.

  2. Select Access control (IAM) > Add > Add role assignment.

  3. In the Role tab, select the BlueXP Operator role and select Next.

    Note BlueXP Operator is the default name provided in the BlueXP policy. If you chose a different name for the role, then select that name instead.
  4. In the Members tab, complete the following steps:

    1. Assign access to a Managed identity.

    2. Select Select members, select the subscription in which the Connector virtual machine was created, under Managed identity, choose Virtual machine, and then select the Connector virtual machine.

    3. Select Select.

    4. Select Next.

    5. Select Review + assign.

    6. If you want to manage resources in additional Azure subscriptions, switch to that subscription and then repeat these steps.

Result

BlueXP now has the permissions that it needs to perform actions in Azure on your behalf.

Azure service principal

Provide BlueXP with the credentials for the Azure service principal that you previously setup.

Steps
  1. In the upper right of the BlueXP console, select the Settings icon, and select Credentials.

    A screenshot that shows the Settings icon in the upper right of the BlueXP console.

  2. Select Add Credentials and follow the steps in the wizard.

    1. Credentials Location: Select Microsoft Azure > Connector.

    2. Define Credentials: Enter information about the Microsoft Entra service principal that grants the required permissions:

      • Application (client) ID

      • Directory (tenant) ID

      • Client Secret

    3. Marketplace Subscription: Associate a Marketplace subscription with these credentials by subscribing now or by selecting an existing subscription.

    4. Review: Confirm the details about the new credentials and select Add.

Result

BlueXP now has the permissions that it needs to perform actions in Azure on your behalf.

Google Cloud service account

Associate the service account with the Connector VM.

Steps
  1. Go to the Google Cloud portal and assign the service account to the Connector VM instance.

  2. If you want to manage resources in other projects, grant access by adding the service account with the BlueXP role to that project. You'll need to repeat this step for each project.

Result

BlueXP now has the permissions that it needs to perform actions in Google Cloud on your behalf.