Advanced Network Configuration

Last updated 1 month ago

Was this helpful?

Advanced Network Configuration

The network interface(s) and IP configuration(s) are managed directly in the Operating Systems.

Our deployment use the configured interface configuration but will also allow different form of security hardening in term of firewall and network interfaces segregation.

The deployment allows to configure services binding to dedicated network interfaces.
The Internal Firewall can filter and protect network flows between different network security layers.

Important Notes:

Hostname should have a maximum of 15 characters if AD authentication is set.

If DNS are not well configured and if the system cannot resolve properly the DNS - IP resolution, the system will not work as expected.

Network Interface

The network interface settings are specified in the inventory files of the Nodeum Ansible installation package.

You can locate the inventory files at /inventory/hosts_vars/srv1. There is a section for defining the service binding.

Standard Configuration

By default, the iface_name parameter uses the primary network interface, and each service binds to this default interface. default interface.

# If there is no default network interface defined or you want to override it
# iface_name: eth0

Mapping Services to Specific Network Interfaces

Each service can be explicitly mapped to a specific network interface by configuring the iface_name parameter. By default, services bind to the primary network interface. However, to override this behavior and assign a service to a particular interface, specify the desired interface name in the iface_name setting of that service’s configuration.

After updating the inventory files to reflect your desired mappings, rerun the Nodeum Ansible Installation playbook to apply the changes.

# Specific name of interface for each service. Default to iface_name 
(or default network interface) if undefined
# smb_iface_name: eth0
# nfs_iface_name: eth0
# rails_iface_name: eth0
# zookeeper_iface_name: eth0
# solr_iface_name: eth0
# catalog_indexer_iface_name: eth0

Description of each parameter:

Parameter

Service Name

smb_iface_name

SAMBA

nfs_iface_name

NFS

rails_iface_name

RAILS

solr_iface_name

SOLR

catalog_iface_name

CATALOG INDEXER

Firewall Configuration

A comprehensive security guide is available on demand to help configure and manage the various components of firewall security settings. Whether it's an external or internal firewall, it can be set up to filter and protect the network traffic between different security layers.

Nodeum Ansible installation package does not alter your firewall configuration

Last updated 1 month ago

Was this helpful?

The network interface(s) and IP configuration(s) are managed directly in the Operating Systems.

Our deployment use the configured interface configuration but will also allow different form of security hardening in term of firewall and network interfaces segregation.

The deployment allows to configure services binding to dedicated network interfaces.
The Internal Firewall can filter and protect network flows between different network security layers.

Important Notes:

Hostname should have a maximum of 15 characters if AD authentication is set.

If DNS are not well configured and if the system cannot resolve properly the DNS - IP resolution, the system will not work as expected.

Network Interface

The network interface settings are specified in the inventory files of the Nodeum Ansible installation package.

You can locate the inventory files at /inventory/hosts_vars/srv1. There is a section for defining the service binding.

Standard Configuration

By default, the iface_name parameter uses the primary network interface, and each service binds to this default interface. default interface.

# If there is no default network interface defined or you want to override it
# iface_name: eth0

Mapping Services to Specific Network Interfaces

After updating the inventory files to reflect your desired mappings, rerun the Nodeum Ansible Installation playbook to apply the changes.

# Specific name of interface for each service. Default to iface_name 
(or default network interface) if undefined
# smb_iface_name: eth0
# nfs_iface_name: eth0
# rails_iface_name: eth0
# zookeeper_iface_name: eth0
# solr_iface_name: eth0
# catalog_indexer_iface_name: eth0

Description of each parameter:

Parameter

Service Name

smb_iface_name

SAMBA

nfs_iface_name

NFS

rails_iface_name

RAILS

solr_iface_name

SOLR

catalog_iface_name

CATALOG INDEXER

Firewall Configuration

Nodeum Ansible installation package does not alter your firewall configuration