Effective December 3, NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources.
For accounts that did not pre-register (prior to Dec 3), access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Insight balance and vm access

shlomifan

Hi,

We noticed insight balance requires guest access to collect information via a proxy.

This poses a security issue for us as virtual machine networks are completely isolated with no routing between the networks

Is there a workaround for this issue?

Which functionally will be missing with no guest access?

Are there any plans to collect information from the virtual center directly without guest access

Thanks

Shlomi

3 REPLIES 3

plauterb

You can open the firewall to allow access to the proxy between networks. Another solution is to add multiple network adapters to the Balance VA, and put them on each VM network, if there are not too many of them.

shlomifan

Our cloud architecture doest not include any open ports or routing between customers

It is  strange that this product requires such connectivity which is completely unsuitable for public cloud deployments

Even stranger Given the fact that NetApp was one of the first storage vendors to support multi-tenant

Too bad, it does seem like a very good management and monitoring product, unlike other products on the market today...

francoi1

Hello,

Indeed and opposite to products collecting VM only through vCenter, OC Balance collects data directly from the Windows VM, allowing Balance to get VM paging, swapping, check alignement and draw end-to-end topology. Moreover, thanks to this end-to-end monitoring of the data path, Balance can apply its analytics to detect bottlenecks or rogue VM.

Without the Balance discovering and monitoring the VM, you're loosing many unique Balance features I'm afraid.

Windows VM are collected and monitored by the Balance Proxy.

Linux and Unix VM are collected and monitored by the Balance server.

The connection between the Balance Server and the Balance Proxy is through a single TCP port. What about setting up a proxy with dual network connection and appropriate filtering rules to allow only it to flow between the two networks?

Regards.

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public