02-27-2013 07:03 AM
Lefthand CMC and SAN deployment best practice help
I am getting some flak from my peers about how I have CMC and our SANs set up. They would like the integrated NICs on the SANs active and plugged in and on our production network so they can use CMC to manage the SANs from any machine in the production network (I feel this is a huge security risk). Right now I have the integrated NICs disabled, there are two 10GB fiber links active on the "SAN VLAN", and the ILO ports for the SANs are on the production network.
I have a physical server with two NICs, one plugged into the "SAN VLAN" and one plugged into the production network, with CMC loaded to manage the SANs. My failover manager(s) also runs on this physical server.
I thought this was the most secure deployment I could implement, and was under the impression this was considered "best practice". Could anyone provide me with some insight?
02-27-2013 01:06 PM
Re: Lefthand CMC and SAN deployment best practice help
A CMC installation on several servers/clients in the production environment would not make any sense to me. Much better to do a TS connection to your CMC/FOM server. That server could also be used for IRS (Insight Remote Support) if you so choose.
I would not have liked to expose my "disk network" to other networks like that. Having access to the IPs/nodes is a core requirement for managing the nodes, so why have a "disk/network/VLAN" in the first place if "everyone" is going to connect from "everywhere"?
Your design is "better" and looks like a lot of installations I have seen out there. Never seen an implementation looking like what your peers are suggesting!
KurtG
02-27-2013 01:41 PM
Re: Lefthand CMC and SAN deployment best practice help
Keep your management separated like you have now. Even if an "attacker" did not have the CMC, they could SSH in to the storage nodes and perform management group operations. Granted there is authentication and specific ports to connect to, but isolated is still the best bet when you consider your business is riding on that SAN.
02-27-2013 02:21 PM
Re: Lefthand CMC and SAN deployment best practice help
I don't see why you can't give the other people access with the setup you have now. You just have to have a router/gateway between your SAN and LAN. I don't ever manage the network from my SAN since CMC and SAN/iQ all route totally fine over the network as long as the gateways are configured. You can then lock down access to the SAN however you like... we just use our enterprise firewall with very restricted rules to allow access to those who need it.