Active IQ Unified Manager Discussions
Active IQ Unified Manager Discussions
Hi,
my customer is having a security project were all assets will be moved to a secured network. For this we need to know how the oncommand products are communicating with external systems. (e.g. ASUSP, autoupdate,RSA)
So my question how are inbound and and outband connection to oncommand insight except mangement?
Here is a spreadsheed how the customer wants to have a feedback:
Is there are place where this is documented, for all NetApp Products:
ONTAP
OCUM,OPM,OCinsight,OCSM
Best wishes,
Markus.
Hey Markus,
OCI ASUP via http/https/ftp goes to gate.onaro.com which is 216.240.24.23
OCI's automated disk updates feature pulls disk definitions from the same place. Also, the OCI Java client's ability to notify you about new OCI versions also comes from the same place.
OCI ASUP via SMTP goes to support_sanscreen_ph@netapp.com
OCI ASUP goes to normal destination ports for http (80), https (443), ftp (21), SMTP (25)
Matt
Hi Matt,
thanks for that information. Is it also possible to get info about the communication between aquisition unit and oci DB server and also the communication between DWH and OCI server?
Best wihes,
Markus.
Hey Markus,
All OCI Remote Acquisition Unit traffic is https to the OCI server - the RAU initiates a HTTPS connection to the OCI server's HTTPS port (default 443).
The DWH needs tcp 3306 access to all OCI servers for the ETL jobs to work, and should have tcp 80/443 as well.
The OCI DWH does not send OCI ASUP to NetApp - it will pick 1 OCI server it has an ETL "Connector" to, to pass OCI DWH Asup data to via 80/443.
The assumption is that the OCI server that receives the OCI DWH ASUP data will include that data as part of the OCI ASUP that particular OCI server sends
Matt
Hi,
To confirm communication ports that are in place at your site(s) run netstat (both Windows and Linux); and on the filers and hosting software components. On Linux and Windows hosts you can use find and grep commands to be more specific; look up man pages for command line options of netstat.
Windows examples:
netstat -aon | find /i "listening"
netstat -aon | find /i "established"
Linux examples:
netstat -nat | grep LISTEN
netstat -nat | grep ESTABLISHED
So for example on your "oncommand insight" host run the appropriate netstat options you are seeking.
Jeff
Hi Matt,
thanks for all that information.
One question about symapi which are dedicated? How is there the communication from OCDB server to this dedicated hosts?
Best wishes,
Markus.
Hey Markus,
If you are using EMC Solutions Enabler in client/server mode, you have Solutions Enabler installed on the OCI point of acquisition - either the "local" Acquisition Unit ("SANscreen Acq" service) on the OCI operational server, or on a Remote Acquisition Unit (RAU). Solutions Enabler will initiate tcp connections to the storsrvd daemon, listening on tcp 2707 on your "server" Solutions Enabler server (defined as having fc connectivity + gatekeepers presented from a Symmetrix).
If you are using SMI-S for Symmetrix performance collection, OCI will initiate connections to 5988 / 5989 (unencrypted / SSL/TLS encrypted SMI-S respectively)
Matt