IN THIS ARTICLE
Outlines how to separate cluster management traffic from cluster production traffic on your Qumulo cluster
- Cluster running Qumulo Core 2.5.2 or higher
Each node in a Qumulo cluster uses two physical network ports that are bonded together into a single interface using either an Active/Backup or LACP configuration. Qumulo supports a cluster connecting to multiple networks over this single interface using VLAN tagging.
NOTE: For more details, refer to Connect to Multiple Networks in Qumulo Core.
With this configuration, you can access the management interfaces for the cluster (Web UI, QQ CLI, and API) over any of the VLANs that the cluster is connected to. Alternatively, management traffic can also be separated out onto its own VLAN at a network administration level to ensure that the cluster management interfaces can only be accessed by this management VLAN, if your deployment requires it.
To create a management VLAN, configure the following on the VLANs that the cluster is connected to:
- On all production VLANs, block ports 22, 443, and 8000 for the cluster IP addresses
- On the management VLAN, allow ports 22, 443, and 8000 for the cluster IP addresses
Keep in mind that management access is restricted according to the user and group permissions that are configured on your cluster. Check out the Role-Based Access Control (RBAC) with Qumulo Core article for more info.
You should now be able to separate cluster management traffic from cluster
production traffic on your Qumulo cluster
Like what you see? Share this article with your network!