This section provides a high-level overview of setting up a storage cluster in a network.
Sample Networks
The following illustration shows a network where the storage cluster nodes and clients are located in the same subnet using a 1000 Mbps switch. This network is easy to set up and requires basic hardware components, but does not offer any traffic separation between the Swarm nodes and the remaining network.
The next illustration shows a network where the storage cluster nodes and clients are located on separate subnets using a router.
Layer 3 Switching and Routing
A router or an Open Systems Interconnection (OSI) layer 3 switch routes network packets between subnets. A router segregates network traffic by filtering packets based on the targeted subnets. Separating the subnets provides the Swarm nodes with a stable network bandwidth so the multicast and unicast traffic between each node in a storage network does not interfere with the systems and devices in the corporate network.
Switching Hardware
If client workstations are configured with 100 Mbps network interface controllers (NICs) or cannot effectively use more than 100 Mbps of bandwidth, connecting these systems to 1000 Mbps Ethernet switches may not be cost-effective. In this case, consider connecting these workstations to a separate Ethernet switch that supports the slower bandwidth speed.
When selecting Ethernet switching hardware, remember that many client workstations are configured with 100 Mbps NICs, and it may not be cost-effective to connect these workstations to 1000 Mbps ports. Additionally, the operating systems and applications running on these workstations might be unable to use more than 100 Mbps of bandwidth effectively.
The following network architecture has the client workstations, application servers, and Swarm storage nodes isolated on switches that support the maximum bandwidth speeds.
Using advanced switches supporting multiple routing capabilities, network segments can be isolated as Virtual LANs (or VLANs) on the same device.
Design the Swarm storage network subnet to incorporate redundant switches to provide high availability when a switch fails. A redundant path provides uninterrupted data communications between the nodes if a switch fails for any reason when Swarm nodes are connected to multiple network switches. Deploying Swarm in a multiple switch environment (or switched fabric) requires planning and an understanding of the corporate IT structure.
The bandwidth in the switched fabric needs to exceed the port speed on each switch to provide effective data communications between each switch port. Contact the switch provider for information about proprietary software or implementing link aggregation in the Swarm network.
Internet Deployments
When deploying any service on the Internet or within an extensive enterprise wide area network (WAN), network security is a top priority. In these situations, install a firewall or filtering router in front of the storage cluster nodes to control the types of traffic and requests that access the cluster nodes.
The following illustration shows a firewall that allows requests on TCP port 80, the default Simple Content Storage Protocol (SCSP) port. If the SCSP port value set in the storage cluster node or cluster configuration file is not port 80, reset the firewall TCP port to match the value in the configuration file.
Additional configuration is required to allow the supported SCSP methods if the firewall can examine HTTP request content or traffic on OSI layer 7 (the Application layer).
To present a cluster as a read-only device to external clients, block the POST and DELETE requests to prevent updates to the cluster.
To prevent client access to the Node Status window in the Swarm Admin Console, configure the firewall to deny "GET /" requests to the cluster nodes.
To prevent unauthorized access to the Swarm Admin Console, block Internet access to the Swarm Admin Console port (default TCP port 90) and the SNMP port (UDP port 161). Wide area networks (WANs) may require additional restrictions to prevent access to specific administrative networks or workstations.
To minimize the client impact of hardware failures, deploy devices in redundant pairs when adding security devices such as firewalls into the network architecture.