By default, all FluidFS cluster management
ports are open on all subnets, along with the other ports needed for
client access (SMB/NFS), replication, and NDMP. Secured management,
when enabled, exclusively limits all management traffic to one specific
subnet.
The subnet on which secured management is enabled
also has the necessary ports open for client access, replication,
and NDMP traffic. Other subnets will not have any of the management
ports listening on them, making them available only for client access,
replication, and NDMP traffic. This restriction prevents users on
client (data) access subnets from accessing any FluidFS cluster management
functions.
In FluidFS, the ports listed in the following table
do not participate in SMB/NFS communication, but are exposed on the
client network by default. Enabling secured management allows you
to expose the management ports on a management subnet only.
Service |
Port |
Web Services |
80 |
Secure Web Services |
443 |
FTP |
44421 |
FTP (Passive) |
44430–44439 |
FTPS |
990 |
SSH |
22 |
Dell Storage Manager communication |
35451 |
Secured management can be enabled only after the system
is deployed. To make a subnet secure:
- The subnet must exist prior to enabling the secured
management feature.
- The subnet can reside on the client network (subnet-level
isolation of management traffic) or the LOM (Lights Out Management)
Ethernet port (physical isolation of management traffic). The LOM
Ethernet port is located on the lower-right side of the back panel
of a NAS controller.
- You must log in from this subnet.