Nodeum Docs
HomepageBlog
  • ✨What is Nodeum?
    • Data Management Software
  • 👣GETTING STARTED
    • Step by Step
  • 🏨ARCHITECTURE
    • Standalone
    • High Availability
    • Fully Scalable & Resilience
  • Install and Deploy Nodeum
    • Platform Support
    • Nodeum v1
      • Ansible based installation
    • Nodeum v2 - Data Mover
      • Ansible based Installation
        • Customize your Installation
      • Docker Based Deployment
    • SLURM Integration
    • Software License Application
  • Interfaces
    • ND Client
    • Console
      • Manual for Administrator
        • Login
        • Dashboard & Reports
        • Catalog
        • Data Mover Management
        • Advanced Task Management
        • Data Container
        • Primary Storage Configuration
        • Pool Management
        • TCO Calculator
        • Toolbox
        • System Settings
          • Information
          • Configuration
          • Date & Time
          • Backup
          • Services
          • Hostname and DNS Configuration
          • NAS Storage Configuration
          • Object Storage Configuration
          • Tape Library Configuration
          • User Management
          • Audits
      • Manual for End User
    • For Developers
      • RESTful API
      • Configuration through RestAPI Console
      • Software Developement Kits (SDK)
      • Nodeum API
        • API Terms of Use
        • release v1.x
        • release v2.x
  • DATA MOVER
    • Policy-Based Task orchestration
      • Pool Management
      • Scheduler
      • Data Integrity
      • Priority Management
      • Filtering (Basic or Advanced)
      • Hook service (callback)
    • Content traceability
    • Metadata Management
  • IDENTITY MANAGEMENT
    • Right - Authentication & Authorization
    • LDAP Plugin for JWT Token
  • Container Configuration
    • Prerequisites
    • About Container
    • Authorization and Authentication
    • Access your Container
  • HYBRID STORAGE MANAGEMENT
    • File System Managment
    • Object Storage Management
      • Customize your S3 connection
    • Tape Library Management
      • Tape Writing Format : LTFS
      • Tape Compression
      • Tape Rehydratation
      • Import a LTFS Tape
      • Task Maintenance for Tapes
  • ⏰Alert & Monitoring
    • Alerts
    • Monitoring
    • Log Management
  • 🏥Recover after Hardware Failure
    • Failover - Active/Passive
    • Failover Procedure - One Site
    • Backup & Restore
  • 🔐Security Guide
    • Advanced Network Configuration
    • Add a SSL Certificate on Web Console
    • Enable SSL Certificate Container accessible on S3 Protocol
  • Compatibility guide
    • Software requirement
    • Supported Storage
  • PRODUCT SPECIFICATIONS
    • Character Set Support
    • Limitations
    • Files Status
    • Task Status
Powered by GitBook
On this page
  • Network Interface
  • Firewall Configuration

Was this helpful?

  1. Security Guide

Advanced Network Configuration

Last updated 29 days ago

Was this helpful?

The network interface(s) and IP configuration(s) are managed directly in the Operating Systems.

Our deployment use the configured interface configuration but will also allow different form of security hardening in term of firewall and network interfaces segregation.

  • The deployment allows to configure services binding to dedicated network interfaces.

  • The Internal Firewall can filter and protect network flows between different network security layers.

Important Notes:

Hostname should have a maximum of 15 characters if AD authentication is set.

If DNS are not well configured and if the system cannot resolve properly the DNS - IP resolution, the system will not work as expected.

Network Interface

The network interface settings are specified in the inventory files of the Nodeum Ansible installation package.

You can locate the inventory files at /inventory/hosts_vars/srv1. There is a section for defining the service binding.

Standard Configuration

By default, the iface_name parameter uses the primary network interface, and each service binds to this default interface. default interface.

# If there is no default network interface defined or you want to override it
# iface_name: eth0

Mapping Services to Specific Network Interfaces

Each service can be explicitly mapped to a specific network interface by configuring the iface_name parameter. By default, services bind to the primary network interface. However, to override this behavior and assign a service to a particular interface, specify the desired interface name in the iface_name setting of that service’s configuration.

After updating the inventory files to reflect your desired mappings, rerun the Nodeum Ansible Installation playbook to apply the changes.

# Specific name of interface for each service. Default to iface_name 
(or default network interface) if undefined
# smb_iface_name: eth0
# nfs_iface_name: eth0
# rails_iface_name: eth0
# zookeeper_iface_name: eth0
# solr_iface_name: eth0
# catalog_indexer_iface_name: eth0

Description of each parameter:

Parameter
Service Name

smb_iface_name

SAMBA

nfs_iface_name

NFS

rails_iface_name

RAILS

solr_iface_name

SOLR

catalog_iface_name

CATALOG INDEXER

Firewall Configuration

A comprehensive security guide is available on demand to help configure and manage the various components of firewall security settings. Whether it's an external or internal firewall, it can be set up to filter and protect the network traffic between different security layers.

Nodeum Ansible installation package does not alter your firewall configuration

🔐