Can we setup a Proxy Server in the firewall zone to discover all the servers in the controlled/DMZ area or do we need to setup two Balance Servers ?
The documentation says that for the return communication, it will use any random port. However, the customer does not wish to open up a range of ports. That is the reason why I am asking whether it is possible to setup a Proxy Server to discover all the servers or do we need to setup another Balance Server in the DMZ area ?
"OnCommand Balance communicates to the NetAppProxy through port 9443 (configurable). The NetAppProxy communicates to all other Windows servers via Windows Management Instrumentation (WMI) through port 445. However, for the return communication, WMI ports are assigned by DCOM and they can use any random port from 1024 and up."
The documentation only mentions that the Proxy Server can only discover storage array ?
If we need to setup two Balance Servers, do we need two licenses or does the license cover the entire site ?
Basically, deploy a Balance proxy on the far side of the firewall, on the same side as the Windows guests. The dynamic ports opened by WMI between the guest and the proxy all happen on the far side of the firewall, so no firewall changes are needed for this.
But now the Balance VA and proxy are on different sides of the firewall, and you need to open the 443 and 9443 ports to allow them to communicate.
Since Balance can handle several proxies, a single Balance VA can monitor multiple groups of servers and storage behind different firewalls.