...
...
Table of Contents |
---|
This section provides a high-level overview of setting up a storage cluster in a network.
Table of Contents |
---|
Sample Networks
The following illustration shows a network where the storage cluster nodes and clients are located in the same subnet using a 1000 Mbps switch. This network is easy to set up and requires basic hardware components, but does not offer any traffic separation between the Swarm nodes and the remaining network.
...
Design the Swarm storage network subnet to incorporate redundant switches to provide high availability when a switch fails. A redundant path provides uninterrupted data communications between the nodes if a switch fails for any reason when Swarm nodes are connected to multiple network switches. Deploying Swarm in a multiple-switch environment (or switched fabric) requires planning and an understanding of the corporate IT structure.
...
When deploying any service on the Internet or within an extensive enterprise-wide area network (WAN), network security is a top priority. In these situations, install a firewall or filtering router in front of the storage cluster nodes to control the types of traffic and requests that access the cluster nodes.
...
To present a cluster as a read-only device to external clients, block the POST and DELETE requests to prevent updates to the cluster.
To prevent client access to the Node Status window in the Swarm Admin Console, configure the firewall to deny "GET /" requests to the cluster nodes.
To prevent unauthorized access to the Swarm Admin Console, block Internet access to the Swarm Admin Console port (default TCP port 90) and the SNMP port (UDP port 161). Wide area networks (WANs) may require additional restrictions to prevent access to specific administrative networks or workstations.
To minimize the client impact of hardware failures, deploy devices in redundant pairs when adding security devices such as firewalls into the network architecture.