This section provides a high-level overview of setting up a storage cluster in your network.
Table of Contents |
---|
Sample Networks
The following illustration shows a network where the storage cluster nodes and clients are located in the same subnet using a 1000 Mbps switch. This network is easy to set up and requires basic hardware components, but does not offer any traffic separation between the Swarm nodes and the remaining network.
...
The next illustration shows a network where the storage cluster nodes and clients are located on separate subnets using a router.
...
Layer 3 Switching and Routing
...
The following network architecture has the client workstations, application servers, and Swarm storage nodes isolated on switches that support their maximum bandwidth speeds.
...
Using advanced switches that support multiple routing capabilities, you can isolate your network segments as Virtual LANs (or VLANs) on the same device.
To provide high availability when a switch fails, design your Swarm storage network subnet to incorporate redundant switches. When Swarm nodes are connected to multiple network switches, a redundant path provides uninterrupted data communications between the nodes if a switch fails for any reason. Deploying Swarm in a multiple switch environment (or switched fabric) requires planning and an understanding of your corporate IT structure.
To provide effective data communications between each switch port, make sure that the The bandwidth in your the switched fabric exceeds needs to exceed the port speed on each switch . For to provide effective data communications between each switch port. Contact the switch provider for information about proprietary software or implementing link aggregation in your the Swarm network, contact your switch provider.
Internet Deployments
When deploying any service on the Internet or within an extensive enterprise wide area network (WAN), network security is a top priority. In these situations, install a firewall or filtering router in front of the storage cluster nodes to control the types of traffic and requests that access your cluster nodes.
...
If the firewall can examine HTTP request content or traffic on OSI layer 7 (the Application layer), additional configuration is required to only allow your supported SCSP methods.
To present a cluster as a read-only device to external clients, block the POST and DELETE requests to prevent updates to the cluster.
To prevent client access to the Node Status window in the Swarm Admin Console, configure the firewall to deny "GET /" requests to the cluster nodes.
To prevent unauthorized access to the Swarm Admin Console, block Internet access to the Swarm Admin Console port (default TCP port 90) and the SNMP port (UDP port 161). Wide area networks (WANs) may require additional restrictions to prevent access to specific administrative networks or workstations.
To minimize the client impact of hardware failures, deploy devices in redundant pairs when adding security devices such as firewalls into the network architecture.