Prerequisites and Considerations
There are prerequisites and a number of topics to consider when implementing Votiro Cloud in your environment. See the sections below for more details.
Ports
Network connectivity requirements enabling secure outbound and inbound communications with Votiro Cloud are detailed in the tables below.
Outbound | Source | Destination | Port Number | Transport Protocol
---|---|---|---|---
Releasing Files | ovf_network | Exchange / Edge | 25 | tcp
Active Directory | ovf_network | Domain Controller | |
SIEM | ovf_network | SIEM Server | 514 | udp
Inbound | Source | Destination | Port Number | Transport Protocol
---|---|---|---|---
SSH, SCP | Any | ovf_network | 22 | tcp
Processing Request | API Client | ovf_network | 443 | tcp
Monitoring Grafana | Grafana | ovf_network | |
Monitoring Prometheus | Prometheus | | |
Additional Port Connectivity Requirements when Connecting to External Storage
When there is a firewall between the cluster and the external NFS-based storage, or the connection is otherwise restricted on the customer's end, the following ports must be opened/allowed to connect to the external storage:
* Port 111 TCP/UDP – PortMapper (mandatory).
* Port 2049 TCP/UDP – NFS service (mandatory).
* Port 635 TCP/UDP – Mount daemon (mandatory only when working with NetApp).
* Port 4045 TCP/UDP – NFS lock manager (mandatory only when working with NetApp).
* Port 4046 TCP/UDP – NFS status (mandatory only when working with NetApp).
* Port 4049 TCP/UDP – NFS quota daemon (mandatory only when working with NetApp).
Virtual Appliance Communication Settings
Internal Communication Settings
For internal communications between nodes of each machine inside the VLAN, the following settings are required:
Port number | Protocol | Description
---|---|---
22 | TCP | During init, node 1 will communicate with node 2 and 3 and will update keys, username, etc.
25 | TCP | Required when enabling "Release" function from management console (email integration)
389 | TCP (LDAP) | LDAP - Active Directory integration
636 | TCP (LDAPS) | LDAPS - Secure Active Directory integration
2379-2380 | TCP | etcd server-client API (used by kube-apiserver, etcd)
6443 | TCP | Kubernetes API server
10250-10252 | TCP | Kubelet API
10255 | TCP | Worker node read-only Kubelet API
24007-24008 | TCP | GlusterFS (daemon+management) (note it is 24007-24008)
49152-49154 | TCP | GlusterFS (for each brick in a volume)
123 | UDP | Required to enable Network Time Protocol (NTP) (See Syncing with an NTP Server)
514 | UDP | On-prem Syslog integration
8472 | UDP | Flannel overlay network (K8s requirement)
51820 | UDP |
51821 | UDP |
5001 | TCP |
External Communication Settings
For external communications, the following settings are required:
* 22/tcp
* 443/tcp
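A least-privilege check for the two port lists above, as an added example that is not part of Votiro's documentation: it compares a firewall allow-list against the internal and external requirements and reports required ports that are closed and open ports that this page does not list. The rule tuple format, the `audit` function and the sample rules are assumptions constructed for illustration.

```python
# Added example: required ports are copied from the lists on this page;
# the rule format and the sample rule set are constructed assumptions.
INTERNAL = [("tcp", 22, 22), ("tcp", 25, 25), ("tcp", 389, 389), ("tcp", 636, 636),
            ("tcp", 2379, 2380), ("tcp", 6443, 6443), ("tcp", 10250, 10252),
            ("tcp", 10255, 10255), ("tcp", 24007, 24008), ("tcp", 49152, 49154),
            ("udp", 123, 123), ("udp", 514, 514), ("udp", 8472, 8472),
            ("udp", 51820, 51820), ("udp", 51821, 51821), ("tcp", 5001, 5001)]
EXTERNAL = [("tcp", 22, 22), ("tcp", 443, 443)]
REQUIRED = {"internal": INTERNAL, "external": EXTERNAL}


def expand(ranges):
    """Turn (proto, low, high) ranges into a set of (proto, port) pairs."""
    return {(proto, port) for proto, lo, hi in ranges for port in range(lo, hi + 1)}


def audit(rules):
    """rules: list of (zone, proto, low, high) allow rules.
    Returns (missing, excess): dicts mapping zone -> sorted (proto, port) list."""
    missing, excess = {}, {}
    for zone, required in REQUIRED.items():
        allowed = expand((p, lo, hi) for z, p, lo, hi in rules if z == zone)
        need = expand(required)
        missing[zone] = sorted(need - allowed)   # required but not allowed
        excess[zone] = sorted(allowed - need)    # allowed but not listed on the page
    return missing, excess


# Constructed sample rule set (not from a real deployment).
SAMPLE_RULES = [
    ("internal", "tcp", 22, 25),        # too wide: also opens 23 and 24
    ("internal", "tcp", 389, 389), ("internal", "tcp", 636, 636),
    ("internal", "tcp", 2379, 2380), ("internal", "tcp", 6443, 6443),
    ("internal", "tcp", 10250, 10255),  # too wide: 10253-10254 are not listed
    ("internal", "tcp", 24007, 24007),  # 24008 forgotten
    ("internal", "tcp", 49152, 49154), ("internal", "tcp", 5001, 5001),
    ("internal", "udp", 123, 123), ("internal", "udp", 514, 514),
    ("internal", "udp", 8472, 8472), ("internal", "udp", 51820, 51821),
    ("external", "tcp", 22, 22), ("external", "tcp", 443, 443),
    ("external", "tcp", 6443, 6443),    # Kubernetes API reachable beyond the VLAN
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for zone in REQUIRED:
        print(zone, "missing:", missing[zone], "not required:", excess[zone])
```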
Syncing with an NTP Server
When using an NTP server, as a prerequisite you must sync with it using port 123/udp.
Using an External Storage Server
In addition to the virtual appliance machines' internal storage, you can use an external storage server. Votiro Cloud can be configured to communicate with your storage server, using a mount from the external storage to the virtual appliance machines.
When external storage is configured it is used as the main storage area. Storage will contain a set of original and processed files.
Because the storage is accessed through a mount, the underlying storage type, such as SAN or NAS, is transparent to Votiro Cloud, so all External Storage types are supported.
For instructions on how to configure External Storage, see How to Configure the Votiro Cloud Cluster with External Storage, or contact Votiro's Support team.
Note
* The internal storage requirement remains at
* Read / Write permissions should be granted to user 1000 for the relevant path.
* Cluster IPs should be added under Policy-Export rules.
Load Balancing
Votiro Cloud automatically supports load balancing using a basic internal load balancer.
Note: An external hardware-based load balancer is required in your production environment to balance between the nodes of your VM.
WARNING!
Our product supports high-availability when a node fails. The system will continue to sanitize but at reduced performance. There could be a minimal downtime of one minute. We recommend recovering the failing node as soon as possible to restore the system to maximum sanitization performance.
Votiro Registry in Azure
This consideration is relevant when your Votiro Cloud installation includes an online environment.
To enable secure communication with your Votiro appliance, the proxy server ACL must include permission for the Votiro registry in the Azure URL.