Prerequisites and Considerations
There are both prerequisites and a number of topics for you to consider when implementing Votiro's Secure File Gateway into your environment. See sections for more details:
n |
n |
n |
n |
n |
n |
Ports
Network connectivity requirements enabling secure outbound and inbound communications with Votiro's Secure File Gateway are detailed in the tables below.
Outbound | Source | Destination | Port Number | Transport Protocol | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Releasing Files | ovf_network | Exchange / Edge | 25 | tcp | ||||||||||||||||||
Active Directory | ovf_network | Domain Controller
|
|
| ||||||||||||||||||
SIEM | ovf_network | SIEM Server | 514 | udp |
Inbound | Source | Destination | Port Number | Transport Protocol |
---|---|---|---|---|
SSH, SCP | Any | ovf_network | 22 | tcp |
Processing Request | API Client | ovf_network | 443 | tcp |
Monitoring Grafana | Grafana | ovf_network | ||
Monitoring Prometheus | Prometheus |
Virtual Appliance Communication Settings
Internal Communication Settings
For internal communications between nodes of each machine inside the VLAN, the following settings are required:
n | 22/tcp |
n | 25/tcp |
n | 389/tcp (LDAP) |
n | 636/tcp (LDAPS) |
n | 2379-2380/tcp |
n | 6443/tcp |
n | 10250-10252/tcp |
n | 10255/tcp |
n | 24007 – 24008/tcp |
n | 49152 – 49154/tcp |
n | 123/udp (See Syncing with an NTP Server). |
n | 514/udp |
n | 8472/udp |
External Communication Settings
For external communications, the following settings are required:
n | 22/tcp |
n | 443/tcp |
Syncing with an NTP Server
When using an NTP server, as a pre-requisite you must sync with it using port 123/udp.
Using an External Storage Server
In addition to the virtual appliance machines' internal storage, you can use an external storage server. Votiro's Secure File Gateway can be configured to communicate with your storage server, using a mount from the external storage to the virtual appliance machines.
When external storage is configured it is used as the main storage area. Storage will contain a set of original and processed files.
The mount created results in the true storage type, such as SAN and NAS, being transparent, leading to Votiro's Secure File Gateway supporting all External Storage types.
For instructions on how to configure External Storage, see How to Configure the Votiro SFG Cluster with External Storage.
For instructions on how to configure External Storage, contact Votiro's Support team.
Note
The internal storage requirement remains at 200 GB per node. It is available for use should the external storage server link fail. Stored files are transferred from the VM to the external storage server when it becomes available.
Load Balancing
Votiro's Secure File Gateway automatically supports load balancing using a basic internal load balancer. We recommend that you implement a hardware-based load balancer in to your production environment to balance between the nodes of your VM.
WARNING!
If the number of nodes reduces to two, Secure File Gateway will continue working for a maximum of two hours before processing stops.
Votiro Registry in Azure
This consideration is relevant when your Secure File Gateway installation includes an online environment.
To enable secure communication with your Votiro appliance, the proxy server ACL must include permission for the Votiro registry in the Azure URL.
Comments
0 comments
Please sign in to leave a comment.