The network interface(s) and IP configuration(s) are managed automatically by in the Operating Systems.
Our solution deployment will use the configured interface configuration, but will also allow different form of security hardening in term of firewall and network interfaces segregation.
- The deployment also allows to configure services binding to dedicated network interfaces.
- The Internal Firewall can filter and protect network flows between different network security layers.
Network Interface - Standard Configuration
The solution will use by the default network interface and associated IP configuration. These settings will be used to bind each different services of Nodeum.
Network Interface - Service mapping
Furthermore each services can be bind to specific network interface, for doing that, the Nodeum Ansible Installation playbook needs to be reapplied once the inventory files have been modified accordingly to the mapping you need.
In the hosts information file you can find in the extracted Nodeum installation package, you will find the following file(s) : /inventory/hosts_vars/srv1. This file contains the different configuration and settings that will be applied to host.
There is section to define the service binding. By default, as it has been explained in the previous chapter, the default configuration is available at the beginning of the configuration file. By default the iface_name parameter is using the main network interface, but this information can be overwritten.
# If there is no default network interface defined or you want to override it
# iface_name: eth0
Afterward, in the same file, you can find different parameters to bind a list of services to a specific interface name.
# Specific name of interface for each services. Default to iface_name (or default network interface) if undefined
# smb_iface_name: eth0
# nfs_iface_name: eth0
# rails_iface_name: eth0
# zookeeper_iface_name: eth0
# solr_iface_name: eth0
# catalog_indexer_iface_name: eth0
Here is the description of each parameter :
Nodeum integrated its own “firewall” configuration to protect themselves from a host-based layer.
In the Console Administration
Settings - Hardware - Network
This section, the 3 following parameters can be configured :
- Primary DNS
- Secondary DNS
This page displays the list of Network Interfaces available, some additional information about the status of each connection are also available.
One of the most important information is the status of each interface :
Status of Interface
|connected||The interface is connected|
|disconnected||The interface is disconnected.|
|unmanaged||The status is unknown , the reason is that the interface is not managed by network manager|
If the status of the adapter is "unmanaged", this means that the adapter is not managed by the system.