Dell DX6004S DX Object Storage Getting Started Guide - Page 9

Internet Deployments, 2.2. Setting Up the Network for DX Storage

Copyright © 2010 Caringo, Inc. All rights reserved. Version 5.0, December 2010

switches, the network connection between switches must be faster than the individual ports. Contact
your switch provider for information about proprietary software or use a mechanism such as
link aggregation.

2.1.4. Internet Deployments

Network security is one of the top considerations during the deployment of any service on the
Internet or within an extensive enterprise WAN. In these types of deployments, put a firewall or
filtering router in front of DX Storage to control the kind of traffic and requests that are allowed to
reach the cluster nodes.

The preceding figure shows a firewall that allows requests on TCP/80. This is the default SCSP port,
but it should be changed to match the scspport value set in the node or cluster configuration file for
the DX Storage cluster if it is something other than 80.

If the firewall is sophisticated enough to examine Layer 7 (Application Layer), or the contents of
the HTTP requests, further restrictions should be made to allow only GET, HEAD, POST, DELETE
requests. If a cluster is exposed read-only to these external clients, the POST and DELETE
requests can be blocked to prevent updates to the cluster. To prevent client access to the node
status page, the firewall should deny “GET /” requests to the cluster nodes.

Administrators should block Internet access to the Admin Console port (default TCP/90) and to
the SNMP port (UDP/161). In wide-area networks, further restrictions might be desirable to restrict
access to these services to specific administrative networks or workstations.

Anytime critical devices such as firewalls are introduced into a network architecture, they should be
deployed in redundant pairs to minimize the chance of failures that cut off all client access.
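
The filtering rules of section 2.1.4, written as a decision function that can serve as the expected-results reference when testing a firewall rule set. This is an added example, not code from the guide or from DX Storage; the function names, the 10.20.0.0/24 administrative network, the sample addresses and object path, and the exact-match treatment of "/" are assumptions.

```python
import ipaddress

SCSP_PORT = 80    # assumption: must equal the cluster's scspport value
ADMIN_PORT = 90   # Admin Console default (TCP)
SNMP_PORT = 161   # SNMP (UDP)
ALLOWED_METHODS = {"GET", "HEAD", "POST", "DELETE"}
WRITE_METHODS = {"POST", "DELETE"}
# Constructed value: the administrative network allowed to reach TCP/90 and UDP/161.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def is_admin_source(src):
    """True when src lies inside one of the administrative networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ADMIN_NETS)


def decide(src, proto, dport, request_line=None, read_only=False):
    """Return (allowed, reason) for traffic addressed to a cluster node."""
    if (proto, dport) in {("tcp", ADMIN_PORT), ("udp", SNMP_PORT)}:
        if is_admin_source(src):
            return True, "admin service from admin network"
        return False, "admin service blocked"
    if (proto, dport) != ("tcp", SCSP_PORT):
        return False, "port not published"
    # Layer 7 checks on the HTTP request line: "METHOD target HTTP/x.y"
    parts = (request_line or "").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    method, target = parts[0], parts[1]
    if method not in ALLOWED_METHODS:  # HTTP methods are case-sensitive
        return False, "method not allowed"
    if read_only and method in WRITE_METHODS:
        return False, "read-only exposure"
    if method == "GET" and target == "/":  # node status page (exact match assumed)
        return False, "node status page"
    return True, "scsp request"


if __name__ == "__main__":
    # Constructed test traffic; 203.0.113.7 stands in for an Internet client.
    samples = [
        ("203.0.113.7", "tcp", 80, "GET /sample-object HTTP/1.1"),
        ("203.0.113.7", "tcp", 80, "GET / HTTP/1.1"),
        ("203.0.113.7", "tcp", 90, None),
        ("10.20.0.15", "udp", 161, None),
    ]
    for s in samples:
        print(s, "->", decide(*s))
```
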

2.2. Setting Up the Network for DX Storage

Client applications must be able to initiate TCP connections with all nodes in a DX Storage cluster
using the designated access port, typically port 80. Internally, DX Storage nodes must be able to
communicate with each other using UDP, TCP, and multicast.

The following topics in this section discuss how to set up a DX Storage cluster in a standard TCP/IP
networking environment:
• Section 2.2.1, “Network Summary”