Skip to main content
NetApp Console setup and administration

Learn about NetApp Console deployment modes

Contributors netapp-tonias

The NetApp Console offers multiple deployment modes that enable you to meet your business and security requirements.

  • Standard mode leverages a software as a service (SaaS) layer to provide full functionality. Users access the Console through a web-based hosted interface

  • Restricted mode is available for organizations that have connectivity restrictions who want to install the NetApp Console in their own public cloud. Users access the Console through a web-based interface that's hosted on a Console agent in their cloud environment.

    NetApp Console restricts traffic, communication, and data in restricted mode, and you must ensure your environment (on-premises and in the cloud) complies with required regulations.

Overview

Each deployment mode differs in outbound connectivity, location, installation, authentication, data services, and charging methods.

Standard mode

You use a SaaS service from the web-based console. Depending on the data services and features that you plan to use, a Console organization admin creates one or more Console agents to manage data within your hybrid cloud environment.

This mode uses encrypted data transmission over the public internet.

Restricted mode

You install a Console agent in the cloud (in a government, sovereign, or commercial region), and it has limited outbound connectivity to the NetApp Console SaaS layer.

This mode is typically used by state and local governments and regulated companies.

BlueXP private mode (legacy BlueXP interface only)

BlueXP private mode (legacy BlueXP interface) is typically used with on-premises environments that have no internet connection and with secure cloud regions, which includes AWS Secret Cloud, AWS Top Secret Cloud, and Azure IL6. NetApp continues to support these environments with the legacy BlueXP interface. PDF documentation for BlueXP private mode

The following table provides a comparison of the NetApp console.

Standard mode Restricted mode

Connection required to NetApp Console SaaS layer?

Yes

Outbound only

Connection required to your cloud provider?

Yes

Yes, within the region

Console agent installation

From the Console, cloud marketplace, or manual install

Cloud marketplace or manual install

Console agent upgrades

Automatic upgrades

Automatic upgrades

UI access

From the Console SaaS layer

Locally from an agent VM

API endpoint

The Console SaaS layer

A Console agent

Authentication

Through SaaS using auth0, NSS login, or identity federation

Through SaaS using auth0 or identity federation

Multi-factor authentication

Available for local users

Not available

Storage and data services

All are supported

Many are supported

Data service licensing options

Marketplace subscriptions and BYOL

Marketplace subscriptions and BYOL

Read through the following sections to learn more about these modes, including which NetApp Console features and services are supported.

Standard mode

The following image is an example of a standard mode deployment.

A conceptual image that shows the public internet where the web-based console, SaaS layer, and auth0 authentication are available, a virtual network in the cloud where a Console agent is running and managing Cloud Volumes ONTAP and an AFF cluster in an on-premises data center.

The Console works as follows in standard mode:

Outbound communication

Connectivity is required from a Console agent to the Console SaaS layer, to your cloud provider's publicly available resources, and to other essential components for day-to-day operations.

Supported location for an agent

In standard mode, an agent is supported in the cloud or on your premises.

Console agent installation

You can install an agent using one of the following methods:

  • From the Console

  • From the AWS or Azure Marketplace

  • From the Google Cloud SDK

  • Manually using an installer on a Linux host in your data center or cloud

  • Use the provided OVA in your VCenter environment.

Console agent upgrades

NetApp automatically upgrades your agent monthly.p.

User interface access

The user interface is accessible from the web-based console that's provided through the SaaS layer.

API endpoint

API calls are made to the following endpoint:
https://api.bluexp.netapp.com

Authentication

Authentication with auth0 or NetApp Support Site (NSS) logins. Identity federation is available.

Supported data services

All NetApp data services are supported. Learn more about NetApp data services.

Supported licensing options

Marketplace subscriptions and BYOL are supported with standard mode; however, the supported licensing options depends on which NetApp data service you are using. Review the documentation for each service to learn more about the available licensing options.

How to get started with standard mode

Go to the NetApp Console and sign up.

Restricted mode

The following image is an example of a restricted mode deployment.

A conceptual image that shows the public internet where the SaaS layer and auth0 authentication are available, a virtual network in the cloud where a Console agent is running and providing access to the web-based console, and is managing Cloud Volumes ONTAP and an AFF cluster in an on-premises data center.

The Console works as follows in restricted mode:

Outbound communication

An agent requires outbound connectivity to the Console SaaS layer for data services, software upgrades, authentication, and metadata transmission.

The Console SaaS layer does not initiate communication to an agent. Agents initiate all communication with the Console SaaS layer, pulling or pushing data as needed.

A connection is also required to cloud provider resources from within the region.

Supported location for an agent

In restricted mode, an agent is supported in the cloud: in a government region, sovereign region, or commercial region.

Console agent installation

You can install from the AWS or Azure Marketplace or a manual installation on your own Linux host or us a downloadable OVA in your VCenter environment.

Console agent upgrades

NetApp automatically upgrades your agent software with monthly updates.

User interface access

The user interface is accessible from an agent virtual machine that's deployed in your cloud region.

API endpoint

API calls are made to the agent virtual machine.

Authentication

Authentication is provided through auth0. Identity federation is also available.

Supported storage management and data services

The following storage and data services with restricted mode:

Supported services Notes

Azure NetApp Files

Full support

Backup and recovery

Supported in Government regions and commercial regions with restricted mode. Not supported in sovereign regions with restricted mode.

In restricted mode, NetApp Backup and Recovery supports back up and restore of ONTAP volume data only. View the list of supported backup destinations for ONTAP data

Back up and restore of application data and virtual machine data is not supported.

NetApp Data Classification

Supported in Government regions with restricted mode. Not supported in commercial regions or in sovereign regions with restricted mode.

Cloud Volumes ONTAP

Full support

Licenses and subscriptions

You can access license and subscription information with the supported licensing options listed below for restricted mode.

On-premises ONTAP clusters

Discovery with a Console agent and discovery without a Console agent (direct discovery) are both supported.

When you discover an on-premises cluster without a Console agent, the Advanced view (System Manager) is not supported.

Replication

Supported in Government regions with restricted mode. Not supported in commercial regions or in sovereign regions with restricted mode.

Supported licensing options

The following licensing options are supported with restricted mode:

  • Marketplace subscriptions (hourly and annual contracts)

    Note the following:

    • For Cloud Volumes ONTAP, only capacity-based licensing is supported.

    • In Azure, annual contracts are not supported with government regions.

  • BYOL

    For Cloud Volumes ONTAP, both capacity-based licensing and node-based licensing are supported with BYOL.

How to get started with restricted mode

You need to enable restricted mode when you create your NetApp Console organization.

If you don't have an organization yet, you are prompted to create your organization and enable restricted mode when you log in to the Console for the first time from a Console agent that you manually installed or that you created from your cloud provider's marketplace.

Note You cannot change the restricted mode setting after creating the organization.

Service and feature comparison

The following table can help you quickly identify which services and features are supported with restricted mode.

Note that some services might be supported with limitations. For more details about how these services are supported with restricted mode, refer to the sections above.

Product area NetApp data service or feature Restricted mode

Storage

This portion of the table lists support for storage systems management from the Console. It does not indicate the supported backup destinations for NetApp Backup and Recovery.

Amazon FSx for ONTAP

No

Amazon S3

No

Azure Blob

No

Azure NetApp Files

Yes

Cloud Volumes ONTAP

Yes

Google Cloud NetApp Volumes

No

Google Cloud Storage

No

On-premises ONTAP clusters

Yes

E-Series

No

StorageGRID

No

Data Services

NetApp Backup and recovery

Yes

View the list of supported backup destinations for ONTAP volume data

NetApp Data Classification

Yes

NetApp Copy and Sync

No

NetApp Disaster Recovery

No

NetApp Ransomware Resilience

No

NetApp Replication

Yes

NetApp Cloud Tiering

No

NetApp Volume caching

No

NetApp Workload factory

No

Features

Alerts

No

Digital Advisor

No

License and subscription management

Yes

Identity and access management

Yes

Credentials

Yes

Federation

Yes

Lifecycle planning

No

Multi-factor authentication

Yes

NSS accounts

Yes

Notifications

Yes

Search

Yes

Software updates

No

Sustainability

No

Audit

Yes