Advanced Network Configuration
Last updated
Was this helpful?
Last updated
Was this helpful?
The network interface(s) and IP configuration(s) are managed directly in the Operating Systems.
Our deployment use the configured interface configuration but will also allow different form of security hardening in term of firewall and network interfaces segregation.
The deployment allows to configure services binding to dedicated network interfaces.
The Internal Firewall can filter and protect network flows between different network security layers.
Important Notes:
Hostname should have a maximum of 15 characters if AD authentication is set.
If DNS are not well configured and if the system cannot resolve properly the DNS - IP resolution, the system will not work as expected.
The network interface settings are specified in the inventory files of the Nodeum Ansible installation package.
You can locate the inventory files at /inventory/hosts_vars/srv1
. There is a section for defining the service binding.
By default, the iface_name parameter uses the primary network interface, and each service binds to this default interface. default interface.
Each service can be explicitly mapped to a specific network interface by configuring the iface_name
parameter. By default, services bind to the primary network interface. However, to override this behavior and assign a service to a particular interface, specify the desired interface name in the iface_name setting of that service’s configuration.
After updating the inventory files to reflect your desired mappings, rerun the Nodeum Ansible Installation playbook to apply the changes.
Description of each parameter:
smb_iface_name
SAMBA
nfs_iface_name
NFS
rails_iface_name
RAILS
solr_iface_name
SOLR
catalog_iface_name
CATALOG INDEXER
A comprehensive security guide is available on demand to help configure and manage the various components of firewall security settings. Whether it's an external or internal firewall, it can be set up to filter and protect the network traffic between different security layers.