Print Email PDF

Separate Cluster Management and Production Traffic

IN THIS ARTICLE

Outlines how to separate cluster management traffic from cluster production traffic on your Qumulo cluster

REQUIREMENTS

  • Cluster running Qumulo Core 2.5.2 or higher

DETAILS

Each node in a Qumulo cluster uses two physical network ports that are bonded together into a single interface using either an Active/Backup or LACP configuration. Qumulo supports a cluster connecting to multiple networks over this single interface using VLAN tagging.

NOTE: For more details, refer to Connect to Multiple Networks in Qumulo Core.

With this configuration, you can access the management interfaces for the cluster (Web UI, QQ CLI, and API) over any of the VLANs that the cluster is connected to. Alternatively, management traffic can also be separated out onto its own VLAN at a network administration level to ensure that the cluster management interfaces can only be accessed by this management VLAN, if your deployment requires it.

To create a management VLAN, configure the following on the VLANs that the cluster is connected to:

  • On all production VLANs, block ports 22, 443, and 8000 for the cluster IP addresses
  • On the management VLAN, allow ports 22, 443, and 8000 for the cluster IP addresses

Keep in mind that management access is restricted according to the user and group permissions that are configured on your cluster. Check out the Role-Based Access Control (RBAC) with Qumulo Core article for more info.

RESOLUTION

You should now be able to separate cluster management traffic from cluster
production traffic on your Qumulo cluster

ADDITIONAL RESOURCES

Connect to Multiple Networks in Qumulo Core

Role-Based Access Control (RBAC) with Qumulo Core

 

Like what you see? Share this article with your network!

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Have more questions?
Open a Case
Share it, if you like it.