Active IQ Unified Manager Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active IQ Unified Manager Discussions

Ask a Question

Balance Proxy Server

gabrielc
NetApp
‎2013-04-29 02:06 PM
8,291 Views

Hi

Can we setup a Proxy Server in the firewall zone to discover all the servers in the controlled/DMZ area or do we need to setup two Balance Servers ?

The documentation says that for the return communication, it will use any random port. However, the customer does not wish to open up a range of ports. That is the reason why I am asking whether it is possible to setup a Proxy Server to discover all the servers or do we need to setup another Balance Server in the DMZ area ?

"OnCommand Balance communicates to the NetAppProxy through port 9443 (configurable). The NetAppProxy communicates to all other Windows servers via Windows Management Instrumentation (WMI) through port 445. However, for the return communication, WMI ports are assigned by DCOM and they can use any random port from 1024 and up."

The documentation only mentions that the Proxy Server can only discover storage array ?

If we need to setup two Balance Servers, do we need two licenses or does the license cover the entire site ?

Thanks

Gabriel

0 Kudos
View By:
4 REPLIES 4

dmilliro
NetApp
‎2013-04-29 02:13 PM
8,291 Views

Hi Gabriel,


Yes.  That is a perfectly supported option.  You will then only need to open 443 and 9443 between the proxy server and the Balance appliance for the DMZ servers.

Thanks, Daniel

0 Kudos

plauterb
NetApp Alumni
‎2013-04-29 02:34 PM
8,291 Views

Not only is using the proxy through the firewall an option, it is highly recommended. This way you can have all the inventory on one Balance node, which is most likely what you want.

0 Kudos

ploufg
‎2014-02-05 10:17 AM
In response to plauterb
8,291 Views

Hi

Great info

Is there an official document available from netapp about this configuration.

thanks

0 Kudos

plauterb
NetApp Alumni
‎2014-02-05 01:35 PM
In response to ploufg
8,291 Views

There should be details in the sysadmin guide about deploying proxies, and the ports that need to be opened.  This knowledge base has similar info:

What port does Windows Management Instrument use in OnCommand Balance?

Basically, deploy a Balance proxy on the far side of the firewall, on the same side as the Windows guests. The dynamic ports opened by WMI between the guest and the proxy all happen on the far side of the firewall, so no firewall changes are needed for this.

But now the Balance VA and proxy are on different sides of the firewall, and you need to open the 443 and 9443 ports to allow them to communicate.

Since Balance can handle several proxies, a single Balance VA can monitor multiple groups of servers and storage behind different firewalls.

0 Kudos
All Community Forums
Public