etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloudstack/docs/tmp/en-US/html/topology-req.html

28 lines
6.4 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.7. Topology Requirements</title><link rel="stylesheet" type="text/css" href="Common_Content/css/default.css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.8" /><meta name="package" content="Apache_CloudStack-Installation_Guide-4.0.0-incubating-en-US-1-" /><link rel="home" href="index.html" title="CloudStack Installation Guide" /><link rel="up" href="network-setup.html" title="Chapter 12. Network Setup" /><link rel="prev" href="management-server-lb.html" title="12.6. Setting Zone VLAN and Running VM Maximums" /><link rel="next" href="guest-nw-usage-with-traffic-sentinel.html" title="12.8. Guest Network Usage Integration for Traffic Sentinel" /></head><body><p id="title"><a class="left" href="http://cloudstack.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.cloudstack.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="management-server-lb.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="guest-nw-usage-with-traffic-sentinel.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="topology-req" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="topology-req">12.7. Topology Requirements</h2></div></div></div><div xml:lang="en-US" class="section" id="security-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="security-req">12.7.1. Security Requirements</h3></div></div></div><div class="para">
The public Internet must not be able to access port 8096 or port 8250 on the Management Server.
</div></div><div xml:lang="en-US" class="section" id="runtime-internal-comm-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="runtime-internal-comm-req">12.7.2. Runtime Internal Communications Requirements</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The Management Servers communicate with each other to coordinate tasks. This communication uses TCP on ports 8250 and 9090.
</div></li><li class="listitem"><div class="para">
The console proxy VMs connect to all hosts in the zone over the management traffic network. Therefore the management traffic network of any given pod in the zone must have connectivity to the management traffic network of all other pods in the zone.
</div></li><li class="listitem"><div class="para">
The secondary storage VMs and console proxy VMs connect to the Management Server on port 8250. If you are using multiple Management Servers, the load balanced IP address of the Management Servers on port 8250 must be reachable.
</div></li></ul></div></div><div xml:lang="en-US" class="section" id="storage-nw-topology-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="storage-nw-topology-req">12.7.3. Storage Network Topology Requirements</h3></div></div></div><div class="para">
The secondary storage NFS export is mounted by the secondary storage VM. Secondary storage traffic goes over the management traffic network, even if there is a separate storage network. Primary storage traffic goes over the storage network, if available. If you choose to place secondary storage NFS servers on the storage network, you must make sure there is a route from the management traffic network to the storage network.
</div></div><div xml:lang="en-US" class="section" id="external-fw-topology-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="external-fw-topology-req">12.7.4. External Firewall Topology Requirements</h3></div></div></div><div class="para">
When external firewall integration is in place, the public IP VLAN must still be trunked to the Hosts. This is required to support the Secondary Storage VM and Console Proxy VM.
</div></div><div xml:lang="en-US" class="section" id="adv-zone-topology-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="adv-zone-topology-req">12.7.5. Advanced Zone Topology Requirements</h3></div></div></div><div class="para">
With Advanced Networking, separate subnets must be used for private and public networks.
</div></div><div xml:lang="en-US" class="section" id="xenserver-topology-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="xenserver-topology-req">12.7.6. XenServer Topology Requirements</h3></div></div></div><div class="para">
The Management Servers communicate with XenServer hosts on ports 22 (ssh), 80 (HTTP), and 443 (HTTPs).
</div></div><div xml:lang="en-US" class="section" id="vmware-topology-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="vmware-topology-req">12.7.7. VMware Topology Requirements</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
The Management Server and secondary storage VMs must be able to access vCenter and all ESXi hosts in the zone. To allow the necessary access through the firewall, keep port 443 open.
</div></li><li class="listitem"><div class="para">
The Management Servers communicate with VMware vCenter servers on port 443 (HTTPs).
</div></li><li class="listitem"><div class="para">
The Management Servers communicate with the System VMs on port 3922 (ssh) on the management traffic network.
</div></li></ul></div></div><div xml:lang="en-US" class="section" id="kvm-topology-req" lang="en-US"><div class="titlepage"><div><div><h3 class="title" id="kvm-topology-req">12.7.8. KVM Topology Requirements</h3></div></div></div><div class="para">
The Management Servers communicate with KVM hosts on port 22 (ssh).
</div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="management-server-lb.html"><strong>Prev</strong>12.6. Setting Zone VLAN and Running VM Maximums</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="guest-nw-usage-with-traffic-sentinel.html"><strong>Next</strong>12.8. Guest Network Usage Integration for Traffic...</a></li></ul></body></html>
Reference in New Issue View Git Blame Copy Permalink