Enterprises today face a critical challenge: Finding a way to get AI-powered insights from vast amounts of unstructured data stored across on-premises and AWS environments. 

 

While this data contains valuable knowledge that could transform the decision-making process, accessing it for generative AI (GenAI) applications typically requires complex, costly migrations. AWS has designed a new service that can help sidestep that challenge: Amazon Q Business. Amazon Q Business offers a compelling solution as a generative AI-powered assistant designed specifically for enterprise productivity. Now there’s a way for NetApp® ONTAP® users to gain the benefits of this important AI service.

 

The NetApp Connector for Amazon Q provides simplified, secure access for your Amazon Q Business applications to enterprise data stored in NetApp ONTAP systems, both on AWS and in on-premises storage environments.

 

This guide walks you through how to deploy the Connector using BlueXP™ workload factory for AWS to unlock the AI value in your Amazon FSx for NetApp ONTAP (FSX for ONTAP) data.

 

Here’s what we’ll cover:

 

• Why connect your ONTAP data to Amazon Q Business with BlueXP workload factory?
• Overview of the solution architecture
  • Tech recap
  • Reference architecture: From data storage to AI insights
• NetApp Connector deployment
  • Prerequisites
  • Initiate the Connector creation
  • Define the Connector details
  • Add and configure data sources
  • Monitor the Connector and access Amazon Q
• Using your Amazon Q Business application with ONTAP data

 

Why connect your ONTAP data to Amazon Q Business with BlueXP workload factory?

NetApp customers have massive amounts of valuable data already stored and managed in ONTAP environments. The NetApp Connector for Amazon Q Business presents a simplified way for Amazon Q Business to access that data—without the need for a disruptive, costly, and complex migration. 

 

This solution offers value across the board:

 

1. Unlock enterprise knowledge: Amazon Q Business can search, understand, and use ONTAP and FSx for ONTAP data for contextual responses and automation.

2. Simplified deployment: Workload factory GenAI simplifies the setup process for the Connector without requiring any deep AI/data infrastructure expertise on the user’s part, accelerating time to value.

3. Security-first approach: NetApp provides advanced data management functionalities: Granular file access permissions, data guardrails (including personally identifiable information, or PII, redaction), and built-in AWS account boundaries.

4. Cost-effective connectivity: Customers can make full use of existing ONTAP storage without costly extract, transform, load (ETL) operations or data migrations.

5. Broad file support: Handles Server Message Block (SMB) and Network File System (NFS) data, supporting the common enterprise formats.

 

Overview of the solution architecture

 

The NetApp Connector for Amazon Q Business acts as a bridge between your ONTAP data and the powerful AI capabilities of Amazon Q Business. An added benefit: The Amazon Q Connector is currently available at no additional cost, making it an even more attractive option for organizations exploring AI integration.

 

Let's briefly review technologies and how the data flows for the end-to-end solution. 

Tech recap

These are the technical components that constitute the solution:

 

• NetApp ONTAP: Serves as your source data repository, which can include on-premises systems with data replicated or cached to FSx for ONTAP.
• Amazon FSx for NetApp ONTAP: Acts as the primary data source that the Connector interfaces with in your AWS environment.
• BlueXP workload factory for AWS: Provides the centralized management platform where you configure, deploy, and manage the ONTAP Connector through an intuitive web interface.
• NetApp Connector for Amazon Q: Manages the connection. This service accesses data from FSx for ONTAP, processes it, and synchronizes it with Amazon Q Business.
• Amazon Q Business: Offers the GenAI assistant that indexes and utilizes your data to provide intelligent responses and actions. 

 

Reference architecture: From data storage to AI insights

The data flow process is abstracted through the user-friendly web-based setup experience in workload factory. 

 

Here you can see a diagram of the NetApp Connector architecture illustrating i) the data indexing flow from FSx for ONTAP to Amazon Q Business via the NetApp AI Engine, and ii) the user query flow from the Amazon Q Business interface.

 

 

i) The data indexing flow

1. An administrator deploys and configures the NetApp Connector via the workload factory interface to run on a NetApp AI engine compute instance within the customer’s VPC. 
2. Optionally, administrators can replicate or cache data from on-premises NetApp systems to FSx for ONTAP using NetApp SnapMirror® or FlexCache® technologies.
3. The engine automatically discovers and scans data from available sources, including FSx for ONTAP and any network-accessible SMB shares or NFS exports.
4. In parallel, it also continuously tracks file metadata to efficiently detect and process incremental changes during subsequent scans.
5. To enforce granular access permissions throughout the connection, the engine integrates with your existing identity infrastructure through AWS Managed Microsoft AD, automatically retrieving user email addresses, and preserves each document's Access Control List (ACLs) so that users only have access to information they're authorized to see.
6. If enabled, documents are processed through BlueXP classification before indexing to identify and redact personally identifiable information (PII), adding an extra layer of data governance before information reaches the AI assistant.
7. The processed documents, along with their ACLs and file system metadata, are securely transmitted to the Amazon Q Business index for searchability.

 

ii) The user query flow

1. The user logs in to Amazon Q Business web experiences after authenticating through AWS IAM Identity Center.
2. When the user submits a query, it is processed against the Amazon Q Business search index, which contains all the data previously indexed by the NetApp Connector.
3. Amazon Q Business intelligently filters and returns search results, showing only documents for which the authenticated user has proper access permissions based on the stored ACLs.
4. The AI assistant sends back to the user a secure and contextually relevant answer for their query through the web experience.

NetApp Connector deployment

This section guides you through creating and configuring the NetApp Connector for Amazon Q using the workload factory interface. 

Prerequisites

Before deployment, you’ll need to have:

• A BlueXP account with workload factory enabled.
• An Amazon Q Business subscription and a deployed Amazon Q Business application. 
• An FSx for ONTAP system with accessible data and proper IAM permissions for cross-service integration.

If your FSx for ONTAP system includes data replicated from on-premises ONTAP systems, your SnapMirror or FlexCache relationships must be properly configured and operational. 

 

• If PII data redaction is required, BlueXP classification should be correctly configured and licensed.

For complete details, consult the official Requirements for NetApp Connector for Amazon Q documentation.

 

IMPORTANT: Setup errors often result from incorrectly configured prerequisites, so ensure that you cover this step in detail. 

 

Initiate the Connector creation

1. Log in to BlueXP workload factory. 
2. Select the GenAI service.
3. Under the “Knowledge bases & Connectors” tab, click the “Create new” button and choose “Amazon Q Business Connector” from the drop-down menu.

 

Define the Connector details

Next, the “Define Connector” page will appear. It will offer several configuration sections that determine how your Connector will operate and integrate with your existing systems.

 

Connector details: 

• Enter a unique name and description for your Connector that clearly identifies its purpose and scope. 
• Expand the Amazon Q section to select the AWS Region where your existing Amazon Q Business application is deployed and choose your pre-existing Amazon Q Business application from the list. 

If no application is found, an error will direct you to create one first.

 

Data guardrails: 

To enable PII redaction, toggle this to “Enabled.” To do this, you will need BlueXP classification to be active in your account and Region. 

 

When enabled, text-based files (.txt, .md, .csv, .pdf, .docx) will be scanned, and PII will be replaced with <PII_REMOVED>. For this process, PDF and DOCX files are converted to TXT files.

 

Storage definitions: 

Select an FSx for ONTAP system that will store the Connector’s metadata (note that this isn't the source data for Amazon Q Business, but operational metadata for the Connector itself). 

Choose a Snapshot policy for this metadata storage from the Snapshot policies list.

Once all details are filled in as desired, click “Create Connector” to initialize the deployment process.

Add and configure data sources

After successful Connector creation, you can configure the specific data sources that Amazon Q Business will index and make available for queries. 

 

The system supports multiple data sources per Connector, each potentially using different protocols and on-premises sources.

 

 

Click the “Add data source” button which will open the “Add data source” wizard. Here you’ll configure the exact data sources you are interested in following the NetApp nested file hierarchy. 

 

IMPORTANT: While you can add new data sources and modify permissions for existing data sources (except during data scanning), you cannot change the scope or configuration of the data sources themselves after the Connector creation, so plan your initial data scope carefully.

Select the file system 

In the “Select FSx for ONTAP file system” step, choose the specific FSx for ONTAP file system that contains the on-premises and cloud data you want to synchronize with Amazon Q Business. 

 

Click “Next” to proceed. 

Select the volume and data scope

In the “Select a volume” step, you will choose a volume from the selected FSx for ONTAP system. You can choose to select the entire volume (to include all content) or specific folders within the volume (to browse and select particular folders). 

 

If you choose specific folders only, you can select the folder names from the list view created in the widget. 

 

Make your selection and click “Next” to continue.

Note that each data source corresponds to one volume (or part of a volume), but you can add multiple data sources to a single Connector.

 

Configure the file filtering and sync

The “Configurations” step provides detailed control over file processing and synchronization behavior.

 

Under File filtering, choose “All file types” (supported types will be processed) or select file types manually and check desired extensions (.pdf, .docx, .txt, .html, .csv, etc.). The file modification time filter is available (default is disabled) if you want to only keep files in a certain time range. 

 

Complete the data source configuration by clicking the “Add data source” button. 

This action registers your data source with the Connector and typically initiates the first synchronization process with Amazon Q Business. 

 

IMPORTANT: The system automatically synchronizes data every 24 hours, with the option for users to trigger immediate synchronization using a “Sync now” button when needed. You can find this by clicking the three-dot menu icon in the Connector widget in workload factory (as indicated in the screenshot below).

Monitor the Connector and access Amazon Q

Back in the workload factory GenAI “Knowledge bases & Connectors” tab, you can now access your new Connector with its real-time status information. 

 

You can also monitor the status of individual data sources, including the number of files processed successfully, any files that failed processing (along with detailed error information), and current processing status indicators such as “Processing,” “Processed,” or “Failed.”

 

Find more information on how to manage your Amazon Q Business Connectors here.

 

Once the initial data synchronization completes, you can access your enhanced Amazon Q Business experience by clicking the Amazon Q web experience link associated with your Connector—or navigate directly to your Amazon Q application in the AWS console.

 

Using your Amazon Q Business application with ONTAP data

With your ONTAP Connector successfully deployed and your data synchronized, you can now harness the power of your enterprise knowledge through the intuitive Amazon Q Business conversational interface.

 

Begin exploring by asking questions based on content from your indexed FSx for ONTAP data sources. The AI assistant can now provide intelligent responses grounded in your organization’s actual documents, policies, procedures, and historical data. Whether you’re seeking information about company guidelines, technical specifications, project documentation, or training materials, Amazon Q Business can quickly locate and synthesize relevant information from your ONTAP repositories.

 

Two important security shutouts protect your sensitive data throughout the query and response process:

 

1. Users can only query and access information for which they have permission, as the Connector inherits and respects the original file-level permissions from your ONTAP system.
2. If data guardrails were enabled during setup, any PII that might appear in responses will be automatically masked with <PII_REMOVED> placeholders.

 

Conclusion

The NetApp Connector for Amazon Q, deployed through workload factory, represents a significant step forward in making enterprise AI both accessible and secure. 

 

As you become comfortable with your initial deployment, consider expanding your AI capabilities by:

 

• Creating additional Connectors for different data sources.
• Exploring Amazon Q Business actions and plugins for enhanced functionality.
• Reviewing synchronization statistics to optimize data scope based on usage patterns. 

 

For continued learning and support, explore the BlueXP workload factory and consult the official Connector documentation to unlock the full potential of your AI-enhanced enterprise knowledge management system.

 

Get started with BlueXP workload factory here.