ONTAP Discussions

CVO in Azure - NSG Rules (Kerberos)

tyrone_owen_1

Hi,

 

I've noticed that the default Network Security Group for CVO has an allowed incoming rule for Kerberos TCP 749. Can anyone articulate why this is please?

 

Thanks

6 REPLIES 6

Re: CVO in Azure - NSG Rules (Kerberos)

ttran

Hello Tyrone_owen_1,

 

Port 749 is the default port used for the KDC administration daemon.

 

 

Regards,

 

Team NetApp

Team NetApp

Re: CVO in Azure - NSG Rules (Kerberos)

darb0505

Hi tyrone_owen,

 

As mention before by @ttran, port 749 is used for the kdc (kerberos) administration daemon. 

 

Here is a link to the networking requirements for CVO in Azure incase you were wondering all the ports that are used in the SG.

 

Let us know if you have any additional questions regarding CVO in Azure or cloud in general

 

Thanks

Team NetApp

Re: CVO in Azure - NSG Rules (Kerberos)

tyrone_owen_1

Thanks

 

Probably my ignorance but isn't that an outbound port?

Re: CVO in Azure - NSG Rules (Kerberos)

darb0505

It is both inbound and outbound.  If you are using HA CVO then the inbound traffic will go through the Azure Load Balancer, which is why traffic from the Load Balancer should be open to any port/protocol. 

 

Let me know if you have any further questions.

 

Thanks

Team NetApp

Re: CVO in Azure - NSG Rules (Kerberos)

tyrone_owen_1

Just to be clear, it is possible for the KDC administration daemon to initiate inbound traffic over 749 to a CVO appliance? In what circumstances please?

 

Thanks

Re: CVO in Azure - NSG Rules (Kerberos)

Mjizzini

Cloud Manager creates AWS security groups that include the inbound and outbound rules that the Connector and Cloud Volumes ONTAP need to operate successfully. Security group rules for AWS

 

For more information please visit the below link.

Can the configuration of AWS External Security Groups for CVO be changed?

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums
Public