DaveHenry1
3 Argentium

HD400 nodes and Active Directory

I have a customer who is considering purchasing a cluster of HD400 nodes. Their plan would be to use only the 10Gb external network.

However, when I generate an install procedure document with SolVe Desktop, I discover this little fact:

  1. [ ] With an ethernet cable, connect the ext-1 port on the node to the switch for the external network. For additional 1 Gb connections, use the ext-2 port.

CAUTION:  You must connect the 1 Gb ext-1 port to the external network, even if you were planning on only connecting the 10Gb ports. If you do not connect the 1 Gb ext-1 port, and if the node cannot authenticate to your Active Directory (AD) server, it is possible that the node will not join the cluster and that you will experience additional downtime.

My questions are:

  1. Is it really necessary to use the 1Gb ports for AD? Or simply "recommended"? If it's required we'll need to use both ext-1 and ext-2 because no one would install something that doesn't have redundant connections to AD. This will double the number of network connections the customer thought they needed.
  2. If it's actually necessary, can someone at EMC provide an explanation as to why the 10Gb interfaces on an HD400 are unable to communicate with AD? Is this a "feature" of the HD400? Or is it a limitation of OneFS 7.2 (the minimum required version for HD400)?

If this is an actual requirement, I'm going to need to explain it to my customer.

2 Replies
crklosterman
3 Argentium

Re: HD400 nodes and Active Directory

Dave,

That doc is incorrect; ignore it. It used to be the case that the 1GbE interfaces were your option during the initial build wizard over serial; newer releases of OneFS have changed that, so you can pick out 1GbE or 10GbE.

If you have more network questions, I co-wrote this doc that we published a few months ago, which covers a lot of topics like this.

https://support.emc.com/docu58740_Isilon-External-Network-Connectivity-Guide---Routing,-Network-Topo...

If you read the whole thing, I actually advocate for why the 1GbE interfaces should not be connected when 10GbE is in use.

Now, that said, let's get the document fixed. Can you please email me the document in question so that I can take it to our tech writers for correction? (Email address is below.)

~Chris Klosterman

Advisory Solution Architect

EMC Isilon Offer & Enablement Team

Email: chris.klosterman@emc.com

Twitter: @croaking

BlackBoxBoggs
1 Copper

Re: HD400 nodes and Active Directory

The warning cited in Dave Henry's post is in a SolVe-generated document. I could attach the resulting "Isilon_HD400.Installation and Setup Guide.docx" in an email, but I am not sure how you would need to touch the underlying SolVe content to make the fix.

Regarding the warning itself, it appears to be related to a rather wild combination of assumptions:

CAUTION:  You must connect the 1 Gb ext-1 port to the external network, even if you were planning on only connecting the 10Gb ports. If you do not connect the 1 Gb ext-1 port, and if the node cannot authenticate to your Active Directory (AD) server, it is possible that the node will not join the cluster and that you will experience additional downtime.

  • Someone is adding a node from the front panel and is walking away.
  • A default provisioning rule for adding any node to a default subnet0 using ext-1 is intact.
  • That default subnet0 is the only network pool that has a route to all of the AD Domain Controllers.
  • The folks who set up the cluster completely forgot that they need 1GE connections to reach AD.
  • The installation engineer will never look at the Web UI.

There may be other scenarios where this warning makes sense, but the one above requires so much bad practice that the mind starts making leaps to explain the warning. 

  • Did EMC Isilon code something new into OneFS 7.2.x that handles all AD AAA traffic on ext-1 by default?
  • Are the resource reservations for each TCP connection on 10GE so rich that a chatty Microsoft protocol is burdening the appliance, leading to a recommendation for the ext-1 port?

Before I start speculating about tachyon pulses communicating through Black Holes, it would be nice to put this to bed with a clear statement that the code for AD integration has not been changed in OneFS 7.2.x.  Thanks,
