Deploy the Connector in restricted mode so that you can use BlueXP with limited outbound connectivity to the BlueXP software as a service (SaaS) layer. To get started, install the Connector, set up BlueXP by accessing the user interface that's running on the Connector, and then provide the cloud permissions that you previously set up.
Step 1: Install the Connector
Install the Connector from your cloud provider's marketplace or by manually installing the software on your own Linux host.
AWS Commercial Marketplace
AWS Gov Marketplace
Azure Marketplace
Manual install
AWS Commercial Marketplace
Before you begin
You should have the following:
A VPC and subnet that meet networking requirements.
On the Marketplace page, select Continue to Subscribe.
To subscribe to the software, select Accept Terms.
The subscription process can take a few minutes.
After the subscription process is complete, select Continue to Configuration.
On the Configure this software page, ensure that you've selected the correct region and then select Continue to Launch.
On the Launch this software page, under Choose Action, select Launch through EC2 and then select Launch.
These steps describe how to launch the instance from the EC2 Console because the console enables you to attach an IAM role to the Connector instance. This isn't possible using the Launch from Website action.
Follow the prompts to configure and deploy the instance:
Name and tags: Enter a name and tags for the instance.
Application and OS Images: Skip this section. The Connector AMI is already selected.
Instance type: Depending on region availability, choose an instance type that meets RAM and CPU requirements (t3.2xlarge is preselected and recommended).
Key pair (login): Select the key pair that you want to use to securely connect to the instance.
Network settings: Edit the network settings as needed:
Choose the desired VPC and subnet.
Specify whether the instance should have a public IP address.
Specify security group settings that enable the required connection methods for the Connector instance: SSH, HTTP, and HTTPS.
Configure Instance Details: Select a VPC and subnet, choose the IAM role that you created in step 1, enable termination protection (recommended), and choose any other configuration options that meet your requirements.
Add Storage: Keep the default storage options.
Add Tags: Enter tags for the instance, if desired.
Configure Security Group: Specify the required connection methods for the Connector instance: SSH, HTTP, and HTTPS.
Review: Review your selections and select Launch.
Result
AWS launches the software with the specified settings. The Connector instance and software should be running in approximately five minutes.
What's next?
Set up BlueXP.
Before you begin
You should have the following:
A VNet and subnet that meet networking requirements.
From the Azure portal, select Create and follow the steps to configure the virtual machine.
Note the following as you configure the VM:
VM size: Choose a VM size that meets CPU and RAM requirements. We recommend Standard_D8s_v3.
Disks: The Connector can perform optimally with either HDD or SSD disks.
Public IP: If you want to use a public IP address with the Connector VM, the IP address must use a Basic SKU to ensure that BlueXP uses this public IP address.
If you use a Standard SKU IP address instead, then BlueXP uses the private IP address of the Connector, instead of the public IP. If the machine that you're using to access the BlueXP Console doesn't have access to that private IP address, then actions from the BlueXP Console will fail.
Identity: Under Management, select Enable system assigned managed identity.
This setting is important because a managed identity allows the Connector virtual machine to identify itself to Microsoft Entra ID without providing any credentials. Learn more about managed identities for Azure resources.
On the Review + create page, review your selections and select Create to start the deployment.
Result
Azure deploys the virtual machine with the specified settings. The virtual machine and Connector software should be running in approximately five minutes.
What's next?
Set up BlueXP.
Before you begin
You should have the following:
Root privileges to install the Connector.
Details about a proxy server, if a proxy is required for internet access from the Connector.
You have the option to configure a proxy server after installation but doing so requires restarting the Connector.
Note that BlueXP does not support transparent proxy servers.
A CA-signed certificate, if the proxy server uses HTTPS or if the proxy is an intercepting proxy.
Depending on your operating system, either Podman or Docker Engine is required before you install the Connector.
About this task
The installer that is available on the NetApp Support Site might be an earlier version. After installation, the Connector automatically updates itself if a new version is available.
Steps
If the http_proxy or https_proxy system variables are set on the host, remove them:
If you don't remove these system variables, the installation will fail.
Download the Connector software from the NetApp Support Site, and then copy it to the Linux host.
You should download the "online" Connector installer that's meant for use in your network or in the cloud. A separate "offline" installer is available for the Connector, but it's only supported with private mode deployments.
The --proxy and --cacert parameters are optional. If you have a proxy server, you will need to enter the parameters as shown. The installer doesn't prompt you to provide information about a proxy.
Here's an example of the command using both optional parameters:
For a domain user, you must use the ASCII code for a \ as shown above.
BlueXP doesn't support user names or passwords that include the @ character.
If the password includes any of the following special characters, you must escape that special character by prepending it with a backslash: & or !
For example:
http://bxpproxyuser:netapp1\!@address:3128
--cacert specifies a CA-signed certificate to use for HTTPS access between the Connector and the proxy server. This parameter is required only if you specify an HTTPS proxy server or if the proxy is an intercepting proxy.
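A pre-install check for the manual install steps above, as an added example (not NetApp's code; the function names proxy_env_clean and bxp_proxy_arg are hypothetical). It confirms that http_proxy and https_proxy are unset and builds the --proxy value using the @ restriction and the backslash escaping described above; domain user names are not handled.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the installer.

# Returns 0 only if neither proxy variable is set on the host.
proxy_env_clean() {
  pe_rc=0
  [ -z "${http_proxy+x}" ]  || { echo "http_proxy is set; remove it" >&2; pe_rc=1; }
  [ -z "${https_proxy+x}" ] || { echo "https_proxy is set; remove it" >&2; pe_rc=1; }
  return "$pe_rc"
}

# Prints the --proxy value as typed on the installer command line.
# Usage: bxp_proxy_arg USER PASSWORD HOST PORT [http|https]
bxp_proxy_arg() {
  [ "$#" -ge 4 ] || { echo "usage: bxp_proxy_arg user password host port [scheme]" >&2; return 2; }
  pa_user=$1; pa_pass=$2; pa_host=$3; pa_port=$4; pa_scheme=${5:-http}

  # User names and passwords that include @ are not supported.
  case "$pa_user$pa_pass" in
    *@*) echo "user name or password contains @" >&2; return 1 ;;
  esac
  case "$pa_port" in
    ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
  esac
  case "$pa_scheme" in
    http) ;;
    https) echo "note: an HTTPS proxy also needs --cacert" >&2 ;;
    *) echo "scheme must be http or https" >&2; return 1 ;;
  esac

  # Prepend a backslash to every & and ! in the password.
  pa_esc=$(printf '%s' "$pa_pass" | sed 's/[&!]/\\&/g')
  printf '%s://%s:%s@%s:%s\n' "$pa_scheme" "$pa_user" "$pa_esc" "$pa_host" "$pa_port"
}

# Constructed sample input matching the page's example.
bxp_proxy_arg bxpproxyuser 'netapp1!' address 3128
```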
Result
The Connector is now installed. At the end of the installation, the Connector service (occm) restarts twice if you specified a proxy server.
What's next?
Set up BlueXP.
Step 2: Set up BlueXP
When you access the BlueXP console for the first time, you'll be prompted to choose an account to associate the Connector with and you'll need to enable restricted mode.
Before you begin
The person who sets up the BlueXP Connector must log in to BlueXP using a login that doesn't belong to a BlueXP account or organization.
If your BlueXP login is associated with another account or organization, you'll need to sign up with a new BlueXP login. Otherwise, you won't see the option to enable restricted mode on the setup screen.
Steps
Open a web browser from a host that has a connection to the Connector instance and enter the following URL:
https://ipaddress
Sign up or log in to BlueXP.
After you're logged in, set up BlueXP:
Enter a name for the Connector.
Enter a name for a new BlueXP account.
Select Are you running in a secured environment?
Select Enable restricted mode on this account.
Note that you can't change this setting after BlueXP creates the account. You can't enable restricted mode later and you can't disable it later.
If you deployed the Connector in a Government region, the checkbox is already enabled and can't be changed. This is because restricted mode is the only mode supported in Government regions.
Select Let's start.
Result
The Connector is now installed and set up with your BlueXP account. All users need to access BlueXP using the IP address of the Connector instance.
What's next?
Provide BlueXP with the permissions that you previously set up.
Step 3: Provide permissions to BlueXP
If you deployed the Connector from the Azure Marketplace or if you manually installed the Connector software, you need to provide the permissions that you previously set up so that you can use BlueXP services.
These steps don't apply if you deployed the Connector from the AWS Marketplace because you chose the required IAM role during deployment.
Attach the IAM role that you previously created to the EC2 instance where you installed the Connector.
These steps apply only if you manually installed the Connector in AWS. For AWS Marketplace deployments, you already associated the Connector instance with an IAM role that includes the required permissions.
Steps
Go to the Amazon EC2 console.
Select Instances.
Select the Connector instance.
Select Actions > Security > Modify IAM role.
Select the IAM role and select Update IAM role.
Result
BlueXP now has the permissions that it needs to perform actions in AWS on your behalf.
Provide BlueXP with the AWS access key for an IAM user that has the required permissions.
Steps
In the upper right of the BlueXP console, select the Settings icon, and select Credentials.
Select Add Credentials and follow the steps in the wizard.
Credentials Location: Select Amazon Web Services > Connector.
Define Credentials: Enter an AWS access key and secret key.
Marketplace Subscription: Associate a Marketplace subscription with these credentials by subscribing now or by selecting an existing subscription.
Review: Confirm the details about the new credentials and select Add.
Result
BlueXP now has the permissions that it needs to perform actions in AWS on your behalf.
Go to the Azure portal and assign the Azure custom role to the Connector virtual machine for one or more subscriptions.
Steps
From the Azure Portal, open the Subscriptions service and select your subscription.
It's important to assign the role from the Subscriptions service because this specifies the scope of the role assignment at the subscription level. The scope defines the set of resources that the access applies to. If you specify a scope at a different level (for example, at the virtual machine level), your ability to complete actions from within BlueXP will be affected.
Select Access control (IAM) > Add > Add role assignment.
In the Role tab, select the BlueXP Operator role and select Next.
BlueXP Operator is the default name provided in the BlueXP policy. If you chose a different name for the role, then select that name instead.
In the Members tab, complete the following steps:
Assign access to a Managed identity.
Select Select members, select the subscription in which the Connector virtual machine was created, under Managed identity, choose Virtual machine, and then select the Connector virtual machine.
Select Select.
Select Next.
Select Review + assign.
If you want to manage resources in additional Azure subscriptions, switch to that subscription and then repeat these steps.
Result
BlueXP now has the permissions that it needs to perform actions in Azure on your behalf.
Provide BlueXP with the credentials for the Azure service principal that you previously set up.
Steps
In the upper right of the BlueXP console, select the Settings icon, and select Credentials.
Select Add Credentials and follow the steps in the wizard.
Credentials Location: Select Microsoft Azure > Connector.
Define Credentials: Enter information about the Microsoft Entra service principal that grants the required permissions:
Application (client) ID
Directory (tenant) ID
Client Secret
Marketplace Subscription: Associate a Marketplace subscription with these credentials by subscribing now or by selecting an existing subscription.
Review: Confirm the details about the new credentials and select Add.
Result
BlueXP now has the permissions that it needs to perform actions in Azure on your behalf.
Associate the service account with the Connector VM.
Steps
Go to the Google Cloud portal and assign the service account to the Connector VM instance.
If you want to manage resources in other projects, grant access by adding the service account with the BlueXP role to that project. You'll need to repeat this step for each project.
Result
BlueXP now has the permissions that it needs to perform actions in Google Cloud on your behalf.