This section provides a high-level overview of setting up a storage cluster in your a network.

...

A router or an Open Systems Interconnection (OSI) layer 3 switch routes network packets between subnets. A router segregates network traffic by filtering packets based on the targeted subnets. Separating the subnets provides the Swarm nodes with a stable network bandwidth so the multicast and unicast traffic between each node in your a storage network does not interfere with the systems and devices in your the corporate network.

Switching Hardware

If your client workstations are configured with 100 Mbps network interface controllers (NICs) or cannot effectively use more than 100 Mbps of bandwidth, connecting these systems to 1000 Mbps Ethernet switches may not be cost-effective. In this case, consider connecting these workstations to a separate Ethernet switch that supports the slower bandwidth speed.

...

The following network architecture has the client workstations, application servers, and Swarm storage nodes isolated on switches that support their the maximum bandwidth speeds.

...

Using advanced switches that support supporting multiple routing capabilities, you can isolate your network segments can be isolated as Virtual LANs (or VLANs) on the same device.

To provide high availability when a switch fails, design your Design the Swarm storage network subnet to incorporate redundant switches . When Swarm nodes are connected to multiple network switches, a to provide high availability when a switch fails. A redundant path provides uninterrupted data communications between the nodes if a switch fails for any reason when Swarm nodes are connected to multiple network switches. Deploying Swarm in a multiple switch environment (or switched fabric) requires planning and an understanding of your the corporate IT structure.

The bandwidth in the switched fabric needs to exceed the port speed on each switch to provide effective data communications between each switch port. Contact the switch provider for information about proprietary software or implementing link aggregation in the Swarm network.

...

When deploying any service on the Internet or within an extensive enterprise wide area network (WAN), network security is a top priority. In these situations, install a firewall or filtering router in front of the storage cluster nodes to control the types of traffic and requests that access your the cluster nodes. 

The following illustration shows a firewall that allows requests on TCP port 80, the default Simple Content Storage Protocol (SCSP) port. If the SCSP port value set in the storage cluster node or cluster configuration file is not port 80, reset the firewall TCP port to match the value in the configuration file.

If Additional configuration is required to allow the supported SCSP methods if the firewall can examine HTTP request content or traffic on OSI layer 7 (the Application layer), additional configuration is required to only allow your supported SCSP methods.

• To present a cluster as a read-only device to external clients, block the POST and DELETE requests to prevent updates to the cluster.

• To prevent client access to the Node Status window in the Swarm Admin Console, configure the firewall to deny "GET /" requests to the cluster nodes.

• To prevent unauthorized access to the Swarm Admin Console, block Internet access to the Swarm Admin Console port (default TCP port 90) and the SNMP port (UDP port 161). Wide area networks (WANs) may require additional restrictions to prevent access to specific administrative networks or workstations.

• To minimize the client impact of hardware failures, deploy devices in redundant pairs when adding security devices such as firewalls into the network architecture.