Secured management, when enabled, moves all management traffic to one
subnet, making all other subnets available only for client access
(CIFS/NFS), replication, and NDMP traffic. This prevents users on client
(data) access subnets from accessing any management functions. In
FluidFS, the ports listed below do not participate in NFS/CIFS
communication, but are exposed on the client network. By default, all of
the management ports are open on all subnets, along with the other ports
needed for client access, replication, and NDMP.

For some users, management traffic must be treated as privileged and
exposed on only one subnet. The subnet that secured management is
enabled on also has the necessary ports open for client access
(CIFS/NFS), replication, and NDMP traffic.

| Service      | Port  |
|--------------|-------|
| Web Services | 80    |
| Web Services | 443   |
| FTP          | 44421 |
| FTP          | 44422 |
| SSH          | 22    |
| SOAP         | 35451 |

The secured management feature allows enabling secured management on
one specific subnet. By doing so, all management traffic is limited
exclusively to that subnet. Other subnets will not have any of the
management ports listening on them. When secured management is enabled,
the FluidFS NAS Manager (Web GUI) must be accessed using secure HTTP,
https://<managementVIP>/, instead of plain http. When secured management
is enabled, port 80 is disabled on all subnets. Secured management can
be enabled only after the system is fully deployed.
- The secured management feature is managed via the FluidFS Command
  Line Interface.
- To make a subnet secured:
  - It must exist prior to the securing operation.
  - It must reside on the client physical network.
  - You must log in to the CLI from this subnet.
For more information on the secured management CLI command, see the
Dell FluidFS NAS Solutions CLI Reference Guide at
dell.com/support/manuals.
NOTE: Enabling secured management on a subnet does not disconnect
existing management sessions that reside on other networks. You are
warned if such sessions exist. To ensure that no such sessions remain,
disconnect the reported sessions, disable secured management, and then
enable secured management. Verify that no other management sessions are
reported.
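
The port behaviour described above can be checked from a host on the client network after secured management is enabled. The following is an added example, not part of the Dell documentation or the FluidFS tooling: it probes each subnet's VIP for the management ports in the table and reports any port that is reachable where the rules above say it should not be. The subnet labels and VIP addresses are constructed placeholders.

```python
import socket

# Management ports from the table on this page.
MGMT_PORTS = {22: "SSH", 80: "Web Services", 443: "Web Services",
              35451: "SOAP", 44421: "FTP", 44422: "FTP"}

def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(vips, secured_subnet, probe=tcp_open):
    """Check each subnet VIP against the secured-management rules.

    vips maps a subnet label to its VIP; secured_subnet is the label of the
    subnet secured management was enabled on. Returns sorted findings as
    (subnet, port, service, problem) tuples.
    """
    findings = []
    for subnet, vip in vips.items():
        for port, service in MGMT_PORTS.items():
            is_open = probe(vip, port)
            # Port 80 is disabled everywhere; the other management ports
            # may listen only on the secured subnet.
            allowed = subnet == secured_subnet and port != 80
            if is_open and not allowed:
                findings.append((subnet, port, service, "exposed"))
            elif port == 443 and allowed and not is_open:
                # The NAS Manager must be reachable over HTTPS here.
                findings.append((subnet, port, service, "unreachable"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed placeholder VIPs (documentation address ranges).
    vips = {"mgmt": "192.0.2.10", "clients": "198.51.100.10"}
    for subnet, port, service, problem in audit(vips, "mgmt"):
        print(f"{subnet}: {service} port {port} {problem}")
```

An empty result means no management port answered outside the secured subnet and HTTPS answered on the management VIP. A firewall between the probing host and a VIP can hide a listening port, so run the check from inside each client subnet.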