Advanced Network Configuration

The network interface(s) and IP configuration(s) are managed directly in the Operating Systems.

Our deployment use the configured interface configuration but will also allow different form of security hardening in term of firewall and network interfaces segregation.

• The deployment allows to configure services binding to dedicated network interfaces.

• The Internal Firewall can filter and protect network flows between different network security layers.

Important Notes:

Network Interface - Standard Configuration

The solution will be used by the default network interface and associated IP configuration. These settings will be used to bind each different service of Nodeum.

Network Interface - Service mapping

Each service can be bind to specific network interface.

Nodeum Ansible Installation playbook needs to be reapplied once the inventory files have been modified accordingly to the mapping you need.

In the hosts information file, you can find in the extracted Nodeum installation package.

Follow this file(s): /inventory/hosts_vars/srv1.

It contains the different configurations and settings that will be applied the o host.

There is a section to define the service binding.

By default, the iface_name parameter is using the main network interface, but this information can be overwritten.

# If there is no default network interface defined or you want to override it
# iface_name: eth0

Different parameters to bind a list of services to a specific interface name.

# Specific name of interface for each service. Default to iface_name 
(or default network interface) if undefined
# smb_iface_name: eth0
# nfs_iface_name: eth0
# rails_iface_name: eth0
# zookeeper_iface_name: eth0
# solr_iface_name: eth0
# catalog_indexer_iface_name: eth0

Description of each parameter: