- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Cluster communication with a firewall "vault"
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 05:46 AM
тАО11-01-2010 05:46 AM
Cluster communication with a firewall "vault"
Can a they maintain a 3 node cluster if two of the nodes are in the vault and 1 is outside the vault? I'm wondering about cluster communication since DECNET traffic would be blocked between the node outside the vault and the two inside the vault.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 05:56 AM
тАО11-01-2010 05:56 AM
Re: Cluster communication with a firewall "vault"
Oswald
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 06:05 AM
тАО11-01-2010 06:05 AM
Re: Cluster communication with a firewall "vault"
Firewall-protected subnet? (Probably an expensive and arcane example of that, given the obfuscated terminology.)
If DECnet via DDCMP and DECnet via IP is blocked from the protected subnet at the firewall router, then chances are that SCS traffic is also blocked.
Which means yes, they have to punch a few protocols through the firewall, if they want the cluster to operate.
Check your product versions, too. You might see UCX V4.2 on a V7 release (since unsupported), but it's more common to see V5.0A or V5.1 or later on V7. (I don't recall there being V4.5 release, either.)
The AlphaServer 2100 and the associated storage is not cheap to maintain, either, and that's easy to port that to a small fraction of the power and space, and with vastly better disk reliability, too. More than a few of those had RAID-5 (also known as fictional RAID), and that's really nasty during recovery from failed disks, and disks of the same vintage as the AlphaServer 2100 series are falling over all over.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 06:08 AM
тАО11-01-2010 06:08 AM
Re: Cluster communication with a firewall "vault"
As Oswald noted, the firewall (AND all intervening network devices) should allow SCS protocol.
And it can NOT be routed!
The only alternative is to move to VMS 8.4 on ALL nodes, and go IPCI (IP ClusterInterconnect).
But that is REALLY brandnew, and I would not yet consider VMS 8.4 "production ready". YMMV.
Should you go IPCI anytime soon, be sure to get HP (and here that means VMS Engineering!) involved; and report your experiences here, please.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 06:22 AM
тАО11-01-2010 06:22 AM
Re: Cluster communication with a firewall "vault"
Yes the equipment is old. Their plan is to eliminate the hardware by running their applications on OpenVMS emulation software (still at OpenVMS V7.1).
I'll have to find out if it's being routed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 06:46 AM
тАО11-01-2010 06:46 AM
Re: Cluster communication with a firewall "vault"
I concur with Hoff, et al. I would expect SCS traffic (which is neither DECnet nor IP) to be blocked. I also note a major security issue: SCS traffic is not encrypted, and the security of the cluster depends on that traffic being safe.
Use extreme caution. This could create a major security and integrity problem in the OpenVMS cluster.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2010 07:00 AM
тАО11-01-2010 07:00 AM
Re: Cluster communication with a firewall "vault"
DECnet and SCS are unrelated.
SCS can be routed.
SCS can be routed via various transports, given the appropriate networking gear.
And that's been possible long before the arrival of V8.4, too, given a sufficiently fast site-to-site link or managed switch.
There's some old stuff on this topic in RFC 1638, and likely some other RFCs. That RFC is from 1994, and DEC and Cisco both had products in this space an eon ago. Certainly other vendors, too. I first used these SCS bridging schemes late in version 4 series, shortly after SCS was deployed via Ethernet. That was a LONG time ago.
There's a picture of this layout in the manuals, too:
http://www.openvms.compaq.com/doc/732final/6318/6318pro_026.html
Now with more details on what this "vault" really is and why it's particularly superior (or inferior) to a plain old firewall and subnet, or circa level-3 managed switch, well, that has yet to be determined.