Active IQ Unified Manager Discussions

network firewall port to communicate with netapp support

scheckel
6,648 Views

Hi,

my customer is having a security project were all assets will be moved to a secured network. For this we need to know how the oncommand products are communicating with external systems. (e.g. ASUSP, autoupdate,RSA)

So my question how are inbound and and outband connection to oncommand insight except mangement?

Here is a spreadsheed how the customer wants to have a feedback:

Is there are place where this is documented, for all NetApp Products:

ONTAP

OCUM,OPM,OCinsight,OCSM

Best wishes,

Markus.

6 REPLIES 6

ostiguy
6,648 Views

Hey Markus,

OCI ASUP via http/https/ftp goes to gate.onaro.com which is 216.240.24.23

OCI's automated disk updates feature pulls disk definitions from the same place. Also, the OCI Java client's ability to notify you about new OCI versions also comes from the same place.

OCI ASUP via SMTP goes to support_sanscreen_ph@netapp.com

OCI ASUP goes to normal destination ports for http (80), https (443), ftp (21), SMTP (25)

Matt

scheckel
6,648 Views

Hi Matt,

thanks for that information. Is it also possible to get info about the communication between aquisition unit and oci DB server and also the communication between DWH and OCI server?

Best wihes,

Markus.

ostiguy
6,648 Views

Hey Markus,

All OCI Remote Acquisition Unit traffic is https to the OCI server - the RAU initiates a HTTPS connection to the OCI server's HTTPS port (default 443).

The DWH needs tcp 3306 access to all OCI servers for the ETL jobs to work, and should have tcp 80/443 as well.

The OCI DWH does not send OCI ASUP to NetApp - it will pick 1 OCI server it has an ETL "Connector" to, to pass OCI DWH Asup data to via 80/443.

The assumption is that the OCI server that receives the OCI DWH ASUP data will include that data as part of the OCI ASUP that particular OCI server sends

Matt

DRUMDUDESAN
6,648 Views

Hi,

To confirm communication ports that are in place at your site(s) run netstat (both Windows and Linux); and on the filers and hosting software components. On Linux and Windows hosts you can use find and grep commands to be more specific; look up man pages for command line options of netstat.

Windows examples:

  1. netstat -aon | find /i "listening"
  2. netstat -aon | find /i "established"

Linux examples:

  1. netstat -nat | grep LISTEN
  2. netstat -nat | grep ESTABLISHED

So for example on your "oncommand insight" host run the appropriate netstat options you are seeking.

Jeff

scheckel
6,648 Views

Hi Matt,

thanks for all that information.

One question about symapi which are dedicated? How is there the communication from OCDB server to this dedicated hosts?

Best wishes,

Markus.

ostiguy
6,648 Views

Hey Markus,

If you are using EMC Solutions Enabler in client/server mode, you have Solutions Enabler installed on the OCI point of acquisition - either the "local" Acquisition Unit ("SANscreen Acq" service) on the OCI operational server, or on a Remote Acquisition Unit (RAU). Solutions Enabler will initiate tcp connections to the storsrvd daemon, listening on tcp 2707 on your "server" Solutions Enabler server (defined as having fc connectivity + gatekeepers presented from a Symmetrix).

If you are using SMI-S for Symmetrix performance collection, OCI will initiate connections to 5988 / 5989 (unencrypted / SSL/TLS encrypted SMI-S respectively)

Matt

Public